# HwBinder IPC from client to server
# Lets hal_configstore_client make HwBinder calls into hal_configstore_server
# (first argument is the caller, second the callee).
binder_call(hal_configstore_client, hal_configstore_server)
Make hal_configstore consistent.
Previously, supposedly, each individual client of configstore
was supposed to add the add_hwservice attribute itself to get
ahold of the specific sub-interface of configstore relevant to
it. However, there is only one configstore interface,
ISurfaceFlingerConfigs.
From this point onward, the configstore hal is to be thought of
as specifically relating to surface flinger. Other properties
may be added as other attributes/packages.
For instance, if we want a configstore entry for 'IFooConfig',
then we would add the configuration to one of the following
packages:
- android.hardware.foo@X.Y (to the interface itself)
- android.hardware.foo.config@X.Y (to a configuration of the interface)
- android.hardware.configstore.foo@X.Y (as a sub-interface of configstore)
and then it could be associated with the sepolicy attributes
(respectively):
- hal_foo
- hal_foo_config (or just hal_foo if they are 1-1)
- hal_configstore_foo
The specific pattern to be followed is irrelevant to this CL
and subject to future discussion, the point being that we're going
to have a separate sepolicy attribute (and package, although this
isn't strictly necessary) for each separate domain's configuration.
Fixes: 109806245
Test: boot walleye, check for denials
Change-Id: If661e3fca012017a6c854fe3f02df4b779d514df
# Register ISurfaceFlingerConfigs as the hwservice behind the hal_configstore
# attribute. Per the commit message above, configstore exposes only this one
# interface, so the registration lives here rather than in each client.
# NOTE(review): presumably this macro carries the add_hwservice grant the
# commit message refers to — confirm against the macro definition.
hal_attribute_hwservice(hal_configstore, hal_configstore_ISurfaceFlingerConfigs)
# hal_configstore runs with a strict seccomp filter. Use crash_dump's
# fallback path to collect crash data.
# The anr_data_file / tombstone_data_file exemptions in the /data neverallow
# further down exist for this purpose.
crash_dump_fallback(hal_configstore_server)
###
### neverallow rules
###

# Should never execute an executable without a domain transition
# Applies to every file_type and fs_type, so there is no label the server could
# exec in place.
neverallow hal_configstore_server { file_type fs_type }:file execute_no_trans;
# Should never need network access. Disallow sockets except for
# unix stream/dgram sockets used for logging/debugging.
# unix_dgram_socket and unix_stream_socket are intentionally absent from this
# list; the next neverallow limits them to the logging/debugging domains it
# exempts.
neverallow hal_configstore_server domain:{
rawip_socket tcp_socket udp_socket
netlink_route_socket netlink_selinux_socket
socket netlink_socket packet_socket key_socket appletalk_socket
netlink_tcpdiag_socket netlink_nflog_socket
netlink_xfrm_socket netlink_audit_socket
netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
netlink_rdma_socket netlink_crypto_socket
} *;
# unix stream/dgram sockets: denied towards every domain except the ones
# subtracted below — the server itself, logd and tombstoned, plus su,
# heapprofd and traced_perf on userdebug/eng builds only.
neverallow hal_configstore_server {
domain
-hal_configstore_server
-logd
userdebug_or_eng(`-su')
-tombstoned
userdebug_or_eng(`-heapprofd')
userdebug_or_eng(`-traced_perf')
}:{ unix_dgram_socket unix_stream_socket } *;
# Should never need access to anything on /data
# Exemptions: anr_data_file and tombstone_data_file so crash_dump can collect
# crash data (see crash_dump_fallback above), zoneinfo_data_file because it is
# granted to every domain, and method_trace_data_file only on native-coverage
# builds.
neverallow hal_configstore_server {
data_file_type
-anr_data_file # for crash dump collection
-tombstone_data_file # for crash dump collection
-zoneinfo_data_file # granted to domain
with_native_coverage(`-method_trace_data_file')
}:{ file fifo_file sock_file } *;
# Should never need sdcard access
# Two rules: on directories only getattr is tolerated (~getattr denies every
# other dir permission); on files everything is denied.
neverallow hal_configstore_server {
sdcard_type
fuse sdcardfs vfat exfat # manual expansion for completeness
}:dir ~getattr;
neverallow hal_configstore_server {
sdcard_type
fuse sdcardfs vfat exfat # manual expansion for completeness
}:file *;
# Do not permit access to service_manager and vndservice_manager
# NOTE(review): only the service_manager class is named in the rule below; if
# this policy defines a separate vndservice_manager class, a matching rule
# would be needed to back the comment — confirm.
neverallow hal_configstore_server *:service_manager *;
# No privileged capabilities
# NOTE(review): presumably capability_class_set expands to all capability
# classes defined by the policy — confirm against its macro definition.
neverallow hal_configstore_server self:capability_class_set *;
# No ptracing other processes
# The `*` target covers every type, so this also forbids ptrace of the
# server's own processes.
neverallow hal_configstore_server *:process ptrace;
# no relabeling
# Both directions (relabelfrom and relabelto) are denied on every class in
# dir_file_class_set, for any target type.
neverallow hal_configstore_server *:dir_file_class_set { relabelfrom relabelto };