2012-01-04 18:33:27 +01:00
|
|
|
# volume manager
|
|
|
|
type vold, domain;
|
|
|
|
type vold_exec, exec_type, file_type;
|
|
|
|
|
|
|
|
init_daemon_domain(vold)
|
Enable SELinux on vold
This change enables SELinux security enforcement on vold.
For the vold.te file ONLY, this change is conceptually a revert of
77d4731e9d30c8971e076e2469d6957619019921 and
50e37b93ac97631dcac6961285b92af5026557af, with the following
additional changes:
1) Removal of "allow vold proc:file write;" and
"allow vold self:capability { sys_boot };". As of system/vold
change adfba3626e76c1931649634275d241b226cd1b9a, vold no longer
performs it's own reboots, so these capabilities are no longer
needed.
2) Addition of the powerctl property, which vold contacts to
tell init to reboot.
3) Removal of "allow vold kernel:system module_request;". As of
CTS commit f2cfdf5c057140d9442fcfeb4e4a648e8258b659, Android
devices no longer ship with loadable modules, hence we don't
require this rule.
4) Removal of "fsetid" from "self:capability". Any setuid / setgid
bits SHOULD be cleared if vold is able to change the permissions
of files. IMHO, it was a mistake to ever include this capability in
the first place.
Testing: As much as possible, I've tested filesystem related
functionality, including factory reset and device encryption.
I wasn't able to test fstrim functionality, which is a fairly
new feature. I didn't see any policy denials in dmesg. It's quite
possible I've missed something. If we experience problems, I
happy to roll back this change.
Bug: 9629920
Change-Id: I683afa0dffe9f28952287bfdb7ee4e0423c2e97a
2013-06-29 05:15:37 +02:00
|
|
|
|
|
|
|
typeattribute vold mlstrustedsubject;
|
|
|
|
allow vold system_file:file x_file_perms;
|
|
|
|
allow vold block_device:dir create_dir_perms;
|
|
|
|
allow vold block_device:blk_file create_file_perms;
|
|
|
|
allow vold device:dir write;
|
|
|
|
allow vold devpts:chr_file rw_file_perms;
|
|
|
|
allow vold rootfs:dir mounton;
|
|
|
|
allow vold sdcard_type:dir mounton;
|
|
|
|
allow vold sdcard_type:filesystem { mount remount unmount };
|
|
|
|
allow vold sdcard_type:dir create_dir_perms;
|
2013-11-15 01:07:57 +01:00
|
|
|
allow vold sdcard_type:file create_file_perms;
|
Enable SELinux on vold
This change enables SELinux security enforcement on vold.
For the vold.te file ONLY, this change is conceptually a revert of
77d4731e9d30c8971e076e2469d6957619019921 and
50e37b93ac97631dcac6961285b92af5026557af, with the following
additional changes:
1) Removal of "allow vold proc:file write;" and
"allow vold self:capability { sys_boot };". As of system/vold
change adfba3626e76c1931649634275d241b226cd1b9a, vold no longer
performs it's own reboots, so these capabilities are no longer
needed.
2) Addition of the powerctl property, which vold contacts to
tell init to reboot.
3) Removal of "allow vold kernel:system module_request;". As of
CTS commit f2cfdf5c057140d9442fcfeb4e4a648e8258b659, Android
devices no longer ship with loadable modules, hence we don't
require this rule.
4) Removal of "fsetid" from "self:capability". Any setuid / setgid
bits SHOULD be cleared if vold is able to change the permissions
of files. IMHO, it was a mistake to ever include this capability in
the first place.
Testing: As much as possible, I've tested filesystem related
functionality, including factory reset and device encryption.
I wasn't able to test fstrim functionality, which is a fairly
new feature. I didn't see any policy denials in dmesg. It's quite
possible I've missed something. If we experience problems, I
happy to roll back this change.
Bug: 9629920
Change-Id: I683afa0dffe9f28952287bfdb7ee4e0423c2e97a
2013-06-29 05:15:37 +02:00
|
|
|
allow vold tmpfs:filesystem { mount unmount };
|
|
|
|
allow vold tmpfs:dir create_dir_perms;
|
|
|
|
allow vold tmpfs:dir mounton;
|
2013-07-09 00:48:36 +02:00
|
|
|
allow vold self:capability { net_admin dac_override mknod sys_admin chown fowner fsetid };
|
Enable SELinux on vold
This change enables SELinux security enforcement on vold.
For the vold.te file ONLY, this change is conceptually a revert of
77d4731e9d30c8971e076e2469d6957619019921 and
50e37b93ac97631dcac6961285b92af5026557af, with the following
additional changes:
1) Removal of "allow vold proc:file write;" and
"allow vold self:capability { sys_boot };". As of system/vold
change adfba3626e76c1931649634275d241b226cd1b9a, vold no longer
performs it's own reboots, so these capabilities are no longer
needed.
2) Addition of the powerctl property, which vold contacts to
tell init to reboot.
3) Removal of "allow vold kernel:system module_request;". As of
CTS commit f2cfdf5c057140d9442fcfeb4e4a648e8258b659, Android
devices no longer ship with loadable modules, hence we don't
require this rule.
4) Removal of "fsetid" from "self:capability". Any setuid / setgid
bits SHOULD be cleared if vold is able to change the permissions
of files. IMHO, it was a mistake to ever include this capability in
the first place.
Testing: As much as possible, I've tested filesystem related
functionality, including factory reset and device encryption.
I wasn't able to test fstrim functionality, which is a fairly
new feature. I didn't see any policy denials in dmesg. It's quite
possible I've missed something. If we experience problems, I
happy to roll back this change.
Bug: 9629920
Change-Id: I683afa0dffe9f28952287bfdb7ee4e0423c2e97a
2013-06-29 05:15:37 +02:00
|
|
|
allow vold self:netlink_kobject_uevent_socket *;
|
|
|
|
allow vold app_data_file:dir search;
|
|
|
|
allow vold app_data_file:file rw_file_perms;
|
|
|
|
allow vold loop_device:blk_file rw_file_perms;
|
|
|
|
allow vold dm_device:chr_file rw_file_perms;
|
|
|
|
# For vold Process::killProcessesWithOpenFiles function.
|
|
|
|
allow vold domain:dir r_dir_perms;
|
|
|
|
allow vold domain:{ file lnk_file } r_file_perms;
|
|
|
|
allow vold domain:process { signal sigkill };
|
2013-09-11 19:16:57 +02:00
|
|
|
allow vold self:capability { sys_ptrace kill };
|
Enable SELinux on vold
This change enables SELinux security enforcement on vold.
For the vold.te file ONLY, this change is conceptually a revert of
77d4731e9d30c8971e076e2469d6957619019921 and
50e37b93ac97631dcac6961285b92af5026557af, with the following
additional changes:
1) Removal of "allow vold proc:file write;" and
"allow vold self:capability { sys_boot };". As of system/vold
change adfba3626e76c1931649634275d241b226cd1b9a, vold no longer
performs it's own reboots, so these capabilities are no longer
needed.
2) Addition of the powerctl property, which vold contacts to
tell init to reboot.
3) Removal of "allow vold kernel:system module_request;". As of
CTS commit f2cfdf5c057140d9442fcfeb4e4a648e8258b659, Android
devices no longer ship with loadable modules, hence we don't
require this rule.
4) Removal of "fsetid" from "self:capability". Any setuid / setgid
bits SHOULD be cleared if vold is able to change the permissions
of files. IMHO, it was a mistake to ever include this capability in
the first place.
Testing: As much as possible, I've tested filesystem related
functionality, including factory reset and device encryption.
I wasn't able to test fstrim functionality, which is a fairly
new feature. I didn't see any policy denials in dmesg. It's quite
possible I've missed something. If we experience problems, I
happy to roll back this change.
Bug: 9629920
Change-Id: I683afa0dffe9f28952287bfdb7ee4e0423c2e97a
2013-06-29 05:15:37 +02:00
|
|
|
|
2013-10-17 21:56:08 +02:00
|
|
|
# For blkid
|
|
|
|
allow vold shell_exec:file rx_file_perms;
|
|
|
|
|
Enable SELinux on vold
This change enables SELinux security enforcement on vold.
For the vold.te file ONLY, this change is conceptually a revert of
77d4731e9d30c8971e076e2469d6957619019921 and
50e37b93ac97631dcac6961285b92af5026557af, with the following
additional changes:
1) Removal of "allow vold proc:file write;" and
"allow vold self:capability { sys_boot };". As of system/vold
change adfba3626e76c1931649634275d241b226cd1b9a, vold no longer
performs it's own reboots, so these capabilities are no longer
needed.
2) Addition of the powerctl property, which vold contacts to
tell init to reboot.
3) Removal of "allow vold kernel:system module_request;". As of
CTS commit f2cfdf5c057140d9442fcfeb4e4a648e8258b659, Android
devices no longer ship with loadable modules, hence we don't
require this rule.
4) Removal of "fsetid" from "self:capability". Any setuid / setgid
bits SHOULD be cleared if vold is able to change the permissions
of files. IMHO, it was a mistake to ever include this capability in
the first place.
Testing: As much as possible, I've tested filesystem related
functionality, including factory reset and device encryption.
I wasn't able to test fstrim functionality, which is a fairly
new feature. I didn't see any policy denials in dmesg. It's quite
possible I've missed something. If we experience problems, I
happy to roll back this change.
Bug: 9629920
Change-Id: I683afa0dffe9f28952287bfdb7ee4e0423c2e97a
2013-06-29 05:15:37 +02:00
|
|
|
# XXX Label sysfs files with a specific type?
|
|
|
|
allow vold sysfs:file rw_file_perms;
|
|
|
|
|
|
|
|
write_klog(vold)
|
|
|
|
|
2013-12-20 00:23:43 +01:00
|
|
|
# Log fsck results
|
|
|
|
allow vold fscklogs:dir rw_dir_perms;
|
|
|
|
allow vold fscklogs:file create_file_perms;
|
|
|
|
|
Enable SELinux on vold
This change enables SELinux security enforcement on vold.
For the vold.te file ONLY, this change is conceptually a revert of
77d4731e9d30c8971e076e2469d6957619019921 and
50e37b93ac97631dcac6961285b92af5026557af, with the following
additional changes:
1) Removal of "allow vold proc:file write;" and
"allow vold self:capability { sys_boot };". As of system/vold
change adfba3626e76c1931649634275d241b226cd1b9a, vold no longer
performs it's own reboots, so these capabilities are no longer
needed.
2) Addition of the powerctl property, which vold contacts to
tell init to reboot.
3) Removal of "allow vold kernel:system module_request;". As of
CTS commit f2cfdf5c057140d9442fcfeb4e4a648e8258b659, Android
devices no longer ship with loadable modules, hence we don't
require this rule.
4) Removal of "fsetid" from "self:capability". Any setuid / setgid
bits SHOULD be cleared if vold is able to change the permissions
of files. IMHO, it was a mistake to ever include this capability in
the first place.
Testing: As much as possible, I've tested filesystem related
functionality, including factory reset and device encryption.
I wasn't able to test fstrim functionality, which is a fairly
new feature. I didn't see any policy denials in dmesg. It's quite
possible I've missed something. If we experience problems, I
happy to roll back this change.
Bug: 9629920
Change-Id: I683afa0dffe9f28952287bfdb7ee4e0423c2e97a
2013-06-29 05:15:37 +02:00
|
|
|
#
|
|
|
|
# Rules to support encrypted fs support.
|
|
|
|
#
|
|
|
|
|
|
|
|
# Set property.
|
|
|
|
unix_socket_connect(vold, property, init)
|
|
|
|
|
|
|
|
# Unmount and mount the fs.
|
|
|
|
allow vold labeledfs:filesystem { mount unmount remount };
|
|
|
|
|
|
|
|
# Access /efs/userdata_footer.
|
|
|
|
# XXX Split into a separate type?
|
|
|
|
allow vold efs_file:file rw_file_perms;
|
|
|
|
|
|
|
|
# Create and mount on /data/tmp_mnt.
|
|
|
|
allow vold system_data_file:dir { create rw_dir_perms mounton };
|
|
|
|
|
|
|
|
# Set scheduling policy of kernel processes
|
|
|
|
allow vold kernel:process setsched;
|
|
|
|
|
|
|
|
# Property Service
|
|
|
|
allow vold vold_prop:property_service set;
|
|
|
|
allow vold powerctl_prop:property_service set;
|
2013-09-10 04:58:44 +02:00
|
|
|
allow vold ctl_default_prop:property_service set;
|
Enable SELinux on vold
This change enables SELinux security enforcement on vold.
For the vold.te file ONLY, this change is conceptually a revert of
77d4731e9d30c8971e076e2469d6957619019921 and
50e37b93ac97631dcac6961285b92af5026557af, with the following
additional changes:
1) Removal of "allow vold proc:file write;" and
"allow vold self:capability { sys_boot };". As of system/vold
change adfba3626e76c1931649634275d241b226cd1b9a, vold no longer
performs it's own reboots, so these capabilities are no longer
needed.
2) Addition of the powerctl property, which vold contacts to
tell init to reboot.
3) Removal of "allow vold kernel:system module_request;". As of
CTS commit f2cfdf5c057140d9442fcfeb4e4a648e8258b659, Android
devices no longer ship with loadable modules, hence we don't
require this rule.
4) Removal of "fsetid" from "self:capability". Any setuid / setgid
bits SHOULD be cleared if vold is able to change the permissions
of files. IMHO, it was a mistake to ever include this capability in
the first place.
Testing: As much as possible, I've tested filesystem related
functionality, including factory reset and device encryption.
I wasn't able to test fstrim functionality, which is a fairly
new feature. I didn't see any policy denials in dmesg. It's quite
possible I've missed something. If we experience problems, I
happy to roll back this change.
Bug: 9629920
Change-Id: I683afa0dffe9f28952287bfdb7ee4e0423c2e97a
2013-06-29 05:15:37 +02:00
|
|
|
|
|
|
|
# ASEC
|
|
|
|
allow vold asec_image_file:file create_file_perms;
|
|
|
|
allow vold asec_image_file:dir rw_dir_perms;
|
|
|
|
security_access_policy(vold)
|
|
|
|
allow vold asec_apk_file:dir { rw_dir_perms setattr };
|
|
|
|
allow vold asec_apk_file:file { r_file_perms setattr };
|
2013-12-20 00:23:43 +01:00
|
|
|
|
|
|
|
# Handle wake locks (used for device encryption)
|
|
|
|
allow vold sysfs_wake_lock:file rw_file_perms;
|
|
|
|
allow vold self:capability2 block_suspend;
|