platform_system_sepolicy/healthd.te

# healthd seclabel is specified in init.rc since
# it lives in the rootfs and has no unique file type.
type healthd, domain;

allow healthd rootfs:file { read entrypoint };
write_klog(healthd)
# /dev/__null__ created by init prior to policy load,
# open fd inherited by healthd.
allow healthd tmpfs:chr_file { read write };

allow healthd self:capability { net_admin mknod };
allow healthd self:capability2 block_suspend;
allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
binder_use(healthd)
binder_service(healthd)
binder_call(healthd, system_server)

# Write to state file.
# TODO:  Split into a separate type?
allow healthd sysfs:file write;

###
### healthd: charger mode
###

allow healthd graphics_device:dir r_dir_perms;
allow healthd graphics_device:chr_file rw_file_perms;
allow healthd input_device:dir r_dir_perms;
allow healthd input_device:chr_file r_file_perms;
allow healthd tty_device:chr_file rw_file_perms;
allow healthd ashmem_device:chr_file execute;
allow healthd self:process execmem;
healthd: add sepolicy Change-Id: Ic0351c69d67aa3a6f71f505408c53d642626ebb4 2013-06-03 23:09:54 +02:00			`# healthd seclabel is specified in init.rc since`
			`# it lives in the rootfs and has no unique file type.`
			`type healthd, domain;`

Confine healthd, but leave it permissive for now. Remove unconfined_domain() and add the allow rules required for operation of healthd. Restore the permissive declaration until I8a3e0db15ec5f4eb05d455a57e8446a8c2b484c2 is applied to the 3.4 kernel. Resolves the following denials in 4.4: type=1400 audit(1383590167.750:14): avc: denied { read } for pid=49 comm="healthd" path="/sbin/healthd" dev="rootfs" ino=1232 scontext=u:r:healthd:s0 tcontext=u:object_r:rootfs:s0 tclass=file type=1400 audit(1383590167.750:15): avc: denied { mknod } for pid=49 comm="healthd" capability=27 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability type=1400 audit(1383590167.750:16): avc: denied { create } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket type=1400 audit(1383590167.750:17): avc: denied { setopt } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket type=1400 audit(1383590167.750:17): avc: denied { net_admin } for pid=49 comm="healthd" capability=12 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability type=1400 audit(1383590167.750:18): avc: denied { bind } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket shell@generic:/ $ type=1400 audit(1383590168.800:21): avc: denied { call } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:servicemanager:s0 tclass=binder type=1400 audit(1383590168.800:22): avc: denied { transfer } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:servicemanager:s0 tclass=binder type=1400 audit(1383590168.800:23): avc: denied { 0x10 } for pid=49 comm="healthd" capability=36 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability2 type=1400 audit(1383590168.800:24): avc: denied { read } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket type=1400 audit(1383590212.320:161): avc: denied { call } for pid=376 comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:healthd:s0 tclass=binder type=1400 audit(1383590212.320:161): avc: denied { transfer } for pid=376 comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:healthd:s0 tclass=binder type=1400 audit(1383590212.320:162): avc: denied { call } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:system_server:s0 tclass=binder type=1400 audit(1383590275.930:463): avc: denied { call } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:system_server:s0 tclass=binder Change-Id: Iacd058edfa1e913a8f24ce8937d2d76c928d6740 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-11-04 15:53:46 +01:00			`allow healthd rootfs:file { read entrypoint };`
healthd: add sepolicy Change-Id: Ic0351c69d67aa3a6f71f505408c53d642626ebb4 2013-06-03 23:09:54 +02:00			`write_klog(healthd)`
Allow healthd to read/write /dev/__null_. init creates a private /dev/null instance named /dev/__null__ that is inherited by healthd. Since it is created prior to initial policy load, it is left in the tmpfs type. Allow healthd to inherit and use the open fd. Change-Id: I525fb4527766d0780457642ebcc19c0fcfd1778c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2014-01-22 19:23:02 +01:00			`# /dev/__null__ created by init prior to policy load,`
			`# open fd inherited by healthd.`
			`allow healthd tmpfs:chr_file { read write };`
healthd: add sepolicy Change-Id: Ic0351c69d67aa3a6f71f505408c53d642626ebb4 2013-06-03 23:09:54 +02:00
Confine healthd, but leave it permissive for now. Remove unconfined_domain() and add the allow rules required for operation of healthd. Restore the permissive declaration until I8a3e0db15ec5f4eb05d455a57e8446a8c2b484c2 is applied to the 3.4 kernel. Resolves the following denials in 4.4: type=1400 audit(1383590167.750:14): avc: denied { read } for pid=49 comm="healthd" path="/sbin/healthd" dev="rootfs" ino=1232 scontext=u:r:healthd:s0 tcontext=u:object_r:rootfs:s0 tclass=file type=1400 audit(1383590167.750:15): avc: denied { mknod } for pid=49 comm="healthd" capability=27 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability type=1400 audit(1383590167.750:16): avc: denied { create } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket type=1400 audit(1383590167.750:17): avc: denied { setopt } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket type=1400 audit(1383590167.750:17): avc: denied { net_admin } for pid=49 comm="healthd" capability=12 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability type=1400 audit(1383590167.750:18): avc: denied { bind } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket shell@generic:/ $ type=1400 audit(1383590168.800:21): avc: denied { call } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:servicemanager:s0 tclass=binder type=1400 audit(1383590168.800:22): avc: denied { transfer } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:servicemanager:s0 tclass=binder type=1400 audit(1383590168.800:23): avc: denied { 0x10 } for pid=49 comm="healthd" capability=36 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability2 type=1400 audit(1383590168.800:24): avc: denied { read } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket type=1400 audit(1383590212.320:161): avc: denied { call } for pid=376 comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:healthd:s0 tclass=binder type=1400 audit(1383590212.320:161): avc: denied { transfer } for pid=376 comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:healthd:s0 tclass=binder type=1400 audit(1383590212.320:162): avc: denied { call } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:system_server:s0 tclass=binder type=1400 audit(1383590275.930:463): avc: denied { call } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:system_server:s0 tclass=binder Change-Id: Iacd058edfa1e913a8f24ce8937d2d76c928d6740 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-11-04 15:53:46 +01:00			`allow healthd self:capability { net_admin mknod };`
			`allow healthd self:capability2 block_suspend;`
			`allow healthd self:netlink_kobject_uevent_socket create_socket_perms;`
			`binder_use(healthd)`
initial dumpstate domain Add the necessary rules to support dumpstate. Start off initially in permissive until it has more testing. Dumpstate is triggered by running "adb bugreport" Change-Id: Ic17a60cca1f6f40daa4f2c51e9ad6009ef36cfbd 2013-12-14 07:19:45 +01:00			`binder_service(healthd)`
Confine healthd, but leave it permissive for now. Remove unconfined_domain() and add the allow rules required for operation of healthd. Restore the permissive declaration until I8a3e0db15ec5f4eb05d455a57e8446a8c2b484c2 is applied to the 3.4 kernel. Resolves the following denials in 4.4: type=1400 audit(1383590167.750:14): avc: denied { read } for pid=49 comm="healthd" path="/sbin/healthd" dev="rootfs" ino=1232 scontext=u:r:healthd:s0 tcontext=u:object_r:rootfs:s0 tclass=file type=1400 audit(1383590167.750:15): avc: denied { mknod } for pid=49 comm="healthd" capability=27 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability type=1400 audit(1383590167.750:16): avc: denied { create } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket type=1400 audit(1383590167.750:17): avc: denied { setopt } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket type=1400 audit(1383590167.750:17): avc: denied { net_admin } for pid=49 comm="healthd" capability=12 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability type=1400 audit(1383590167.750:18): avc: denied { bind } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket shell@generic:/ $ type=1400 audit(1383590168.800:21): avc: denied { call } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:servicemanager:s0 tclass=binder type=1400 audit(1383590168.800:22): avc: denied { transfer } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:servicemanager:s0 tclass=binder type=1400 audit(1383590168.800:23): avc: denied { 0x10 } for pid=49 comm="healthd" capability=36 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability2 type=1400 audit(1383590168.800:24): avc: denied { read } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=netlink_kobject_uevent_socket type=1400 audit(1383590212.320:161): avc: denied { call } for pid=376 comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:healthd:s0 tclass=binder type=1400 audit(1383590212.320:161): avc: denied { transfer } for pid=376 comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:healthd:s0 tclass=binder type=1400 audit(1383590212.320:162): avc: denied { call } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:system_server:s0 tclass=binder type=1400 audit(1383590275.930:463): avc: denied { call } for pid=49 comm="healthd" scontext=u:r:healthd:s0 tcontext=u:r:system_server:s0 tclass=binder Change-Id: Iacd058edfa1e913a8f24ce8937d2d76c928d6740 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-11-04 15:53:46 +01:00			`binder_call(healthd, system_server)`
fix healthd charger mode. Healthd has an optional "charger" mode. The device boots into a minimally running mode, and healthd displays the battery indicator. Without this patch, when a manta device boots into charger mode, the screen will never turn off and the battery indicator will not move. From reviewing the healthd code, it looks like this may affect lots of devices, not just manta. I'm adding this change to the generic policy. Steps to reproduce: 1) Make sure the device is unplugged. 2) Boot into a normal system. 3) Shutdown the system normally using the power button. 4) After shutdown, plugin the power cord. 5) Device will boot into charger mode. Battery icon will display. 6) Press the button to reboot into a normal mode. 7) Examine /proc/last_kmsg and look for denials. Addresses the following denials: [ 3.908457] type=1400 audit(1390866386.620:3): avc: denied { read write } for pid=98 comm="charger" name="fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file [ 3.909085] type=1400 audit(1390866386.620:4): avc: denied { open } for pid=98 comm="charger" name="fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file [ 3.909749] type=1400 audit(1390866386.620:5): avc: denied { ioctl } for pid=98 comm="charger" path="/dev/graphics/fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file [ 4.889857] type=1400 audit(1390866387.605:6): avc: denied { read } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir [ 4.890873] type=1400 audit(1390866387.605:7): avc: denied { open } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir [ 4.891949] type=1400 audit(1390866387.605:8): avc: denied { search } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir [ 4.892677] type=1400 audit(1390866387.605:9): avc: denied { read } for pid=98 comm="charger" name="event2" dev="tmpfs" ino=4279 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file [ 4.893576] type=1400 audit(1390866387.605:10): avc: denied { open } for pid=98 comm="charger" name="event2" dev="tmpfs" ino=4279 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file [ 7.288104] type=1400 audit(1390866389.999:12): avc: denied { execmem } for pid=98 comm="charger" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=process [ 7.288574] type=1400 audit(1390866389.999:13): avc: denied { execute } for pid=98 comm="charger" path="/dev/ashmem" dev="tmpfs" ino=4113 scontext=u:r:healthd:s0 tcontext=u:object_r:ashmem_device:s0 tclass=chr_file Change-Id: I0118e08514caa0ad11d2aa7562c9846a96779a21 2014-01-28 01:15:00 +01:00
Address healthd denials. Resolve denials such as: avc: denied { write } for pid=130 comm="healthd" name="state" dev="sysfs" ino=57 scontext=u:r:healthd:s0 tcontext=u:object_r:sysfs:s0 tclass=file avc: denied { read write } for pid=130 comm="healthd" name="tty0" dev="tmpfs" ino=5677 scontext=u:r:healthd:s0 tcontext=u:object_r:tty_device:s0 tclass=chr_file Change-Id: Iff0609af924b4e5094be7512646140c3baa97549 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2014-03-11 13:51:42 +01:00			`# Write to state file.`
			`# TODO: Split into a separate type?`
			`allow healthd sysfs:file write;`

fix healthd charger mode. Healthd has an optional "charger" mode. The device boots into a minimally running mode, and healthd displays the battery indicator. Without this patch, when a manta device boots into charger mode, the screen will never turn off and the battery indicator will not move. From reviewing the healthd code, it looks like this may affect lots of devices, not just manta. I'm adding this change to the generic policy. Steps to reproduce: 1) Make sure the device is unplugged. 2) Boot into a normal system. 3) Shutdown the system normally using the power button. 4) After shutdown, plugin the power cord. 5) Device will boot into charger mode. Battery icon will display. 6) Press the button to reboot into a normal mode. 7) Examine /proc/last_kmsg and look for denials. Addresses the following denials: [ 3.908457] type=1400 audit(1390866386.620:3): avc: denied { read write } for pid=98 comm="charger" name="fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file [ 3.909085] type=1400 audit(1390866386.620:4): avc: denied { open } for pid=98 comm="charger" name="fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file [ 3.909749] type=1400 audit(1390866386.620:5): avc: denied { ioctl } for pid=98 comm="charger" path="/dev/graphics/fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file [ 4.889857] type=1400 audit(1390866387.605:6): avc: denied { read } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir [ 4.890873] type=1400 audit(1390866387.605:7): avc: denied { open } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir [ 4.891949] type=1400 audit(1390866387.605:8): avc: denied { search } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir [ 4.892677] type=1400 audit(1390866387.605:9): avc: denied { read } for pid=98 comm="charger" name="event2" dev="tmpfs" ino=4279 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file [ 4.893576] type=1400 audit(1390866387.605:10): avc: denied { open } for pid=98 comm="charger" name="event2" dev="tmpfs" ino=4279 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file [ 7.288104] type=1400 audit(1390866389.999:12): avc: denied { execmem } for pid=98 comm="charger" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=process [ 7.288574] type=1400 audit(1390866389.999:13): avc: denied { execute } for pid=98 comm="charger" path="/dev/ashmem" dev="tmpfs" ino=4113 scontext=u:r:healthd:s0 tcontext=u:object_r:ashmem_device:s0 tclass=chr_file Change-Id: I0118e08514caa0ad11d2aa7562c9846a96779a21 2014-01-28 01:15:00 +01:00			`###`
			`### healthd: charger mode`
			`###`

			`allow healthd graphics_device:dir r_dir_perms;`
			`allow healthd graphics_device:chr_file rw_file_perms;`
			`allow healthd input_device:dir r_dir_perms;`
			`allow healthd input_device:chr_file r_file_perms;`
Address healthd denials. Resolve denials such as: avc: denied { write } for pid=130 comm="healthd" name="state" dev="sysfs" ino=57 scontext=u:r:healthd:s0 tcontext=u:object_r:sysfs:s0 tclass=file avc: denied { read write } for pid=130 comm="healthd" name="tty0" dev="tmpfs" ino=5677 scontext=u:r:healthd:s0 tcontext=u:object_r:tty_device:s0 tclass=chr_file Change-Id: Iff0609af924b4e5094be7512646140c3baa97549 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2014-03-11 13:51:42 +01:00			`allow healthd tty_device:chr_file rw_file_perms;`
fix healthd charger mode. Healthd has an optional "charger" mode. The device boots into a minimally running mode, and healthd displays the battery indicator. Without this patch, when a manta device boots into charger mode, the screen will never turn off and the battery indicator will not move. From reviewing the healthd code, it looks like this may affect lots of devices, not just manta. I'm adding this change to the generic policy. Steps to reproduce: 1) Make sure the device is unplugged. 2) Boot into a normal system. 3) Shutdown the system normally using the power button. 4) After shutdown, plugin the power cord. 5) Device will boot into charger mode. Battery icon will display. 6) Press the button to reboot into a normal mode. 7) Examine /proc/last_kmsg and look for denials. Addresses the following denials: [ 3.908457] type=1400 audit(1390866386.620:3): avc: denied { read write } for pid=98 comm="charger" name="fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file [ 3.909085] type=1400 audit(1390866386.620:4): avc: denied { open } for pid=98 comm="charger" name="fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file [ 3.909749] type=1400 audit(1390866386.620:5): avc: denied { ioctl } for pid=98 comm="charger" path="/dev/graphics/fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file [ 4.889857] type=1400 audit(1390866387.605:6): avc: denied { read } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir [ 4.890873] type=1400 audit(1390866387.605:7): avc: denied { open } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir [ 4.891949] type=1400 audit(1390866387.605:8): avc: denied { search } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir [ 4.892677] type=1400 audit(1390866387.605:9): avc: denied { read } for pid=98 comm="charger" name="event2" dev="tmpfs" ino=4279 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file [ 4.893576] type=1400 audit(1390866387.605:10): avc: denied { open } for pid=98 comm="charger" name="event2" dev="tmpfs" ino=4279 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file [ 7.288104] type=1400 audit(1390866389.999:12): avc: denied { execmem } for pid=98 comm="charger" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=process [ 7.288574] type=1400 audit(1390866389.999:13): avc: denied { execute } for pid=98 comm="charger" path="/dev/ashmem" dev="tmpfs" ino=4113 scontext=u:r:healthd:s0 tcontext=u:object_r:ashmem_device:s0 tclass=chr_file Change-Id: I0118e08514caa0ad11d2aa7562c9846a96779a21 2014-01-28 01:15:00 +01:00			`allow healthd ashmem_device:chr_file execute;`
			`allow healthd self:process execmem;`