platform_system_sepolicy/public/watchdogd.te

# watchdogd seclabel is specified in init.<board>.rc
type watchdogd, domain;
type watchdogd_exec, system_file_type, exec_type, file_type;

allow watchdogd watchdog_device:chr_file rw_file_perms;
allow watchdogd kmsg_device:chr_file rw_file_perms;
watchdog security policy. Initial policy for software watchdog daemon which is started by init. Change-Id: I042a5b1698bf53ce2e50ea06851c374e5123ee2c Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil> 2012-12-03 12:07:45 +01:00			`# watchdogd seclabel is specified in init.<board>.rc`
watchdog: remove domain_deprecated Change-Id: I60d66da98a8da9cd7a9d0130862242e09b7dccf1 2016-01-25 17:12:21 +01:00			`type watchdogd, domain;`
Introduce system_file_type system_file_type is a new attribute used to identify files which exist on the /system partition. It's useful for allow rules in init, which are based off of a blacklist of writable files. Additionally, it's useful for constructing neverallow rules to prevent regressions. Additionally, add commented out tests which enforce that all files on the /system partition have the system_file_type attribute. These tests will be uncommented in a future change after all the device-specific policies are cleaned up. Test: Device boots and no obvious problems. Change-Id: Id9bae6625f042594c8eba74ca712abb09702c1e5 2018-09-27 19:21:37 +02:00			`type watchdogd_exec, system_file_type, exec_type, file_type;`
Move watchdogd out of init and into its own domain Bug: 73660730 Test: watchdogd still runs Change-Id: I31697c7c6fa2f7009731ff48c659af051838e42f 2018-08-02 00:48:20 +02:00
Confine watchdogd, but leave it permissive for now. Change-Id: If2285e927cb886956b3314dd18384145a1ebeaa9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-10-29 19:42:41 +01:00			`allow watchdogd watchdog_device:chr_file rw_file_perms;`
Allow /dev/klog access, drop mknod and __null__ access Allow vold, healthd, slideshow, and watchdogd access to /dev/kmsg. These processes log to the kernel dmesg ring buffer, so they need write access to that file. Addresses the following denials: avc: denied { write } for pid=134 comm="watchdogd" name="kmsg" dev="tmpfs" ino=9248 scontext=u:r:watchdogd:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 avc: denied { write } for pid=166 comm="healthd" name="kmsg" dev="tmpfs" ino=9248 scontext=u:r:healthd:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 avc: denied { write } for pid=180 comm="vold" name="kmsg" dev="tmpfs" ino=9248 scontext=u:r:vold:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 These denials were triggered by the change in https://android-review.googlesource.com/151209 . Prior to that change, any code which called klog_init would (unnecessarily) create the device node themselves, rather than using the already existing device node. Drop special /dev/__null__ handling from watchdogd. As of https://android-review.googlesource.com/148288 , watchdogd no longer creates it's own /dev/null device, so it's unnecessary for us to allow for it. Drop mknod from healthd, slideshow, and watchdogd. healthd and slideshow only needed mknod to create /dev/__kmsg__, which is now obsolete. watchdogd only needed mknod to create /dev/__kmsg__ and /dev/__null__, which again is now obsolete. Bug: 21242418 Change-Id: If01c8001084575e7441253f0fa8b4179ae33f534 2015-06-06 16:42:37 +02:00			`allow watchdogd kmsg_device:chr_file rw_file_perms;`