tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/kernel.te

34 lines
1.4 KiB
Text
Raw Normal View History

Vendor domains must not use Binder On PRODUCT_FULL_TREBLE devices, non-vendor domains (except vendor apps) are not permitted to use Binder. This commit thus: * groups non-vendor domains using the new "coredomain" attribute, * adds neverallow rules restricting Binder use to coredomain and appdomain only, and * temporarily exempts the domains which are currently violating this rule from this restriction. These domains are grouped using the new "binder_in_vendor_violators" attribute. The attribute is needed because the types corresponding to violators are not exposed to the public policy where the neverallow rules are. Test: mmm system/sepolicy Test: Device boots, no new denials Test: In Chrome, navigate to ip6.me, play a YouTube video Test: YouTube: play a video Test: Netflix: play a movie Test: Google Camera: take a photo, take an HDR+ photo, record video with sound, record slow motion video with sound. Confirm videos play back fine and with sound. Bug: 35870313 Change-Id: I0cd1a80b60bcbde358ce0f7a47b90f4435a45c95
2017-03-23 22:27:32 +01:00
typeattribute kernel coredomain;
Split general policy into public and private components. Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
2016-07-22 22:13:11 +02:00
domain_auto_trans(kernel, init_exec, init)
Add a kernel transition to snapuserd. The initial launch of snapuserd happens in first-stage init, before sepolicy is loaded, since snapuserd is needed to mount initial partitions. After sepolicy is loaded, we immediately re-launch snapuserd in the correct context. This requires a transition similar to init. The "allow" lines for the kernel happen in permissive mode, since we need to relabel critical parts of /dev/block in order to re-launch snapuserd. Bug: 173476209 Test: OTA applies with ro.virtual_ab.compression.enabled = true Change-Id: I80184e737ccb558107a14b384a61f7fec31c9428
2020-12-03 06:15:08 +01:00
domain_auto_trans(kernel, snapuserd_exec, snapuserd)
Sepolicy: Move otapreopt_chroot to private Move complete domain to private/. Move referencing parts in domain and kernel to private. Bug: 128840749 Test: m Change-Id: I5572c3b04e41141c8f4db62b1361e2b392a5e2da
2019-03-18 18:54:42 +01:00
# Allow the kernel to read otapreopt_chroot's file descriptors and files under
# /postinstall, as it uses apexd logic to mount APEX packages in /postinstall/apex.
allow kernel otapreopt_chroot:fd use;
allow kernel postinstall_file:file read;
Add a kernel transition to snapuserd. The initial launch of snapuserd happens in first-stage init, before sepolicy is loaded, since snapuserd is needed to mount initial partitions. After sepolicy is loaded, we immediately re-launch snapuserd in the correct context. This requires a transition similar to init. The "allow" lines for the kernel happen in permissive mode, since we need to relabel critical parts of /dev/block in order to re-launch snapuserd. Bug: 173476209 Test: OTA applies with ro.virtual_ab.compression.enabled = true Change-Id: I80184e737ccb558107a14b384a61f7fec31c9428
2020-12-03 06:15:08 +01:00
# The following sections are for the transition period during a Virtual A/B
# OTA. Once sepolicy is loaded, snapuserd must be re-launched in the correct
# context, and with properly labelled devices. This must be done before
# enabling enforcement, eg, in permissive mode while still in the kernel
# context.
allow kernel tmpfs:blk_file { getattr relabelfrom };
allow kernel tmpfs:chr_file { getattr relabelfrom };
allow kernel tmpfs:lnk_file { getattr relabelfrom };
allow kernel tmpfs:dir { open read relabelfrom };
allow kernel block_device:blk_file relabelto;
allow kernel block_device:lnk_file relabelto;
allow kernel dm_device:chr_file relabelto;
allow kernel dm_device:blk_file relabelto;
allow kernel dm_user_device:dir { read open search relabelto };
allow kernel dm_user_device:chr_file relabelto;
allow kernel kmsg_device:chr_file relabelto;
allow kernel null_device:chr_file relabelto;
allow kernel random_device:chr_file relabelto;
allow kernel snapuserd_exec:file relabelto;
allow kernel kmsg_device:chr_file write;
Add permissions required to install the DSU to a SD card Bug: 171861574 Test: execute following command on a device with a SD card inserted adb shell am start-activity \ -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \ -a android.os.image.action.START_INSTALL \ -d file:///storage/emulated/0/Download/system.raw.gz \ --el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \ --el KEY_USERDATA_SIZE 4294967296 Change-Id: I5c1c170ade9c570c7dab7cb7aff5f099db4b3d8c
2021-01-14 08:27:50 +01:00
allow kernel gsid:fd use;
Reference in a new issue Copy permalink