2016-06-18 00:05:10 +02:00
|
|
|
# storaged daemon
|
2017-03-23 22:27:32 +01:00
|
|
|
type storaged, domain, coredomain, mlstrustedsubject;
|
2018-09-27 19:21:37 +02:00
|
|
|
type storaged_exec, system_file_type, exec_type, file_type;
|
2016-06-18 00:05:10 +02:00
|
|
|
|
|
|
|
init_daemon_domain(storaged)
|
|
|
|
|
|
|
|
# Read access to pseudo filesystems
|
2016-07-01 21:18:54 +02:00
|
|
|
r_dir_file(storaged, domain)
|
2016-06-18 00:05:10 +02:00
|
|
|
|
2017-01-12 01:20:49 +01:00
|
|
|
# Read /proc/uid_io/stats
|
|
|
|
allow storaged proc_uid_io_stats:file r_file_perms;
|
|
|
|
|
2017-01-21 05:29:13 +01:00
|
|
|
# Read /data/system/packages.list
|
|
|
|
allow storaged system_data_file:file r_file_perms;
|
Relabel /data/system/packages.list to new type.
Conservatively grant access to packages_list_file to everything that had
access to system_data_file:file even if the comment in the SELinux
policy suggests it was for another use.
Ran a diff on the resulting SEPolicy, the only difference of domains
being granted is those that had system_data_file:dir permissiosn which
is clearly not applicable for packages.list
diff -u0 <(sesearch --allow -t system_data_file ~/sepolicy | sed 's/system_data_file/packages_list_file/') <(sesearch --allow -t packages_list_file ~/sepolicy_new)
--- /proc/self/fd/16 2019-03-19 20:01:44.378409146 +0000
+++ /proc/self/fd/18 2019-03-19 20:01:44.378409146 +0000
@@ -3 +2,0 @@
-allow appdomain packages_list_file:dir getattr;
@@ -6 +4,0 @@
-allow coredomain packages_list_file:dir getattr;
@@ -8 +5,0 @@
-allow domain packages_list_file:dir search;
@@ -35 +31,0 @@
-allow system_server packages_list_file:dir { rename search setattr read lock create reparent getattr write relabelfrom ioctl rmdir remove_name open add_name };
@@ -40 +35,0 @@
-allow tee packages_list_file:dir { search read lock getattr ioctl open };
@@ -43,3 +37,0 @@
-allow traced_probes packages_list_file:dir { read getattr open search };
-allow vendor_init packages_list_file:dir { search setattr read create getattr write relabelfrom ioctl rmdir remove_name open add_name };
-allow vold packages_list_file:dir { search setattr read lock create getattr mounton write ioctl rmdir remove_name open add_name };
@@ -48 +39,0 @@
-allow vold_prepare_subdirs packages_list_file:dir { read write relabelfrom rmdir remove_name open add_name };
@@ -50 +40,0 @@
-allow zygote packages_list_file:dir { search read lock getattr ioctl open };
Bug: 123186697
Change-Id: Ieabf313653deb5314872b63cd47dadd535af7b07
2019-03-19 19:14:38 +01:00
|
|
|
allow storaged packages_list_file:file r_file_perms;
|
2017-01-21 05:29:13 +01:00
|
|
|
|
2017-08-15 02:01:25 +02:00
|
|
|
# Store storaged proto file
|
|
|
|
allow storaged storaged_data_file:dir rw_dir_perms;
|
|
|
|
allow storaged storaged_data_file:file create_file_perms;
|
|
|
|
|
2016-07-01 21:18:54 +02:00
|
|
|
userdebug_or_eng(`
|
|
|
|
# Read access to debugfs
|
|
|
|
allow storaged debugfs_mmc:dir search;
|
|
|
|
allow storaged debugfs_mmc:file r_file_perms;
|
|
|
|
')
|
2016-06-18 00:05:10 +02:00
|
|
|
|
2017-03-23 20:28:20 +01:00
|
|
|
# Needed to provide debug dump output via dumpsys pipes.
|
|
|
|
allow storaged shell:fd use;
|
|
|
|
allow storaged shell:fifo_file write;
|
|
|
|
|
2017-04-13 02:38:11 +02:00
|
|
|
# Needed for GMScore to call dumpsys storaged
|
|
|
|
allow storaged priv_app:fd use;
|
2019-12-11 21:49:04 +01:00
|
|
|
# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
|
|
|
|
# Remove after no logs are seen for this rule.
|
|
|
|
userdebug_or_eng(`
|
|
|
|
auditallow storaged priv_app:fd use;
|
|
|
|
')
|
|
|
|
allow storaged gmscore_app:fd use;
|
2018-08-03 00:54:23 +02:00
|
|
|
allow storaged { privapp_data_file app_data_file }:file write;
|
2017-04-13 02:38:11 +02:00
|
|
|
allow storaged permission_service:service_manager find;
|
|
|
|
|
2016-07-01 21:18:54 +02:00
|
|
|
# Binder permissions
|
2017-01-19 22:23:52 +01:00
|
|
|
add_service(storaged, storaged_service)
|
2017-01-12 01:20:49 +01:00
|
|
|
|
2016-07-01 21:18:54 +02:00
|
|
|
binder_use(storaged)
|
|
|
|
binder_call(storaged, system_server)
|
|
|
|
|
2017-09-26 04:40:59 +02:00
|
|
|
hal_client_domain(storaged, hal_health)
|
2017-02-06 20:04:31 +01:00
|
|
|
|
2017-05-03 19:26:40 +02:00
|
|
|
# Implements a dumpsys interface.
|
|
|
|
allow storaged dumpstate:fd use;
|
|
|
|
|
2017-08-02 16:27:44 +02:00
|
|
|
# use a subset of the package manager service
|
|
|
|
allow storaged package_native_service:service_manager find;
|
|
|
|
|
2017-02-23 02:27:57 +01:00
|
|
|
# Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
|
|
|
|
# running as root. See b/35323867 #3.
|
2018-09-07 00:19:40 +02:00
|
|
|
dontaudit storaged self:global_capability_class_set { dac_override dac_read_search };
|
2017-02-23 02:27:57 +01:00
|
|
|
|
2018-03-02 23:14:44 +01:00
|
|
|
# For collecting bugreports.
|
|
|
|
allow storaged dumpstate:fifo_file write;
|
|
|
|
|
2016-07-01 21:18:54 +02:00
|
|
|
###
|
|
|
|
### neverallow
|
|
|
|
###
|
|
|
|
neverallow storaged domain:process ptrace;
|
2017-02-23 02:27:57 +01:00
|
|
|
neverallow storaged self:capability_class_set *;
|