2015-11-03 18:54:39 +01:00
|
|
|
type keystore, domain, domain_deprecated;
|
2012-01-04 18:33:27 +01:00
|
|
|
type keystore_exec, exec_type, file_type;
|
|
|
|
|
|
|
|
# keystore daemon
|
2013-10-29 19:42:37 +01:00
|
|
|
typeattribute keystore mlstrustedsubject;
|
|
|
|
binder_use(keystore)
|
|
|
|
binder_service(keystore)
|
2016-06-03 20:36:41 +02:00
|
|
|
binder_call(keystore, system_server)
|
2017-01-28 00:00:27 +01:00
|
|
|
|
|
|
|
# talk to keymaster
|
2017-02-23 04:48:17 +01:00
|
|
|
hal_client_domain(keystore, hal_keymaster)
|
2017-01-28 00:00:27 +01:00
|
|
|
|
Wifi Keystore HAL is not a HAL
Wifi Keystore HAL is a HwBinder service (currently offered by keystore
daemon) which is used by Wifi Supplicant HAL. This commit thus
switches the SELinux policy of Wifi Keystore HAL to the approach used
for non-HAL HwBinder services.
The basic idea is simimilar to how we express Binder services in the
policy, with two tweaks: (1) we don't have 'hwservicemanager find' and
thus there's no add_hwservice macro, and (2) we need loosen the
coupling between core and vendor components. For example, it should be
possible to move a HwBinder service offered by a core component into
another core component, without having to update the SELinux policy of
the vendor image. We thus annotate all components offering HwBinder
service x across the core-vendor boundary with x_server, which enables
the policy of clients to contain rules of the form:
binder_call(mydomain, x_server), and, if the service uses IPC
callbacks, also binder_call(x_server, mydomain).
Test: mmm system/sepolicy
Test: sesearch indicates to changes to binder { call transfer} between
keystore and hal_wifi_supplicant_default domains
Bug: 36896667
Change-Id: I45c4ce8159b63869d7bb6df5c812c5291776d892
2017-04-04 23:56:31 +02:00
|
|
|
# Offer the Wifi Keystore HwBinder service
|
|
|
|
hwbinder_use(keystore)
|
|
|
|
typeattribute keystore wifi_keystore_service_server;
|
2017-03-29 00:45:42 +02:00
|
|
|
|
2013-10-29 19:42:37 +01:00
|
|
|
allow keystore keystore_data_file:dir create_dir_perms;
|
|
|
|
allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
|
|
|
|
allow keystore keystore_exec:file { getattr };
|
2014-05-09 08:28:52 +02:00
|
|
|
|
2017-01-19 22:23:52 +01:00
|
|
|
add_service(keystore, keystore_service)
|
2016-06-03 20:36:41 +02:00
|
|
|
allow keystore sec_key_att_app_id_provider_service:service_manager find;
|
2015-03-13 21:42:42 +01:00
|
|
|
|
|
|
|
# Check SELinux permissions.
|
|
|
|
selinux_check_access(keystore)
|
|
|
|
|
2016-09-10 01:27:17 +02:00
|
|
|
r_dir_file(keystore, cgroup)
|
|
|
|
|
2014-05-09 08:28:52 +02:00
|
|
|
###
|
|
|
|
### Neverallow rules
|
|
|
|
###
|
2014-05-20 06:49:50 +02:00
|
|
|
### Protect ourself from others
|
2014-05-09 08:28:52 +02:00
|
|
|
###
|
|
|
|
|
2015-04-10 16:42:32 +02:00
|
|
|
neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
|
2014-05-09 08:28:52 +02:00
|
|
|
neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relabelto getattr };
|
|
|
|
|
2014-10-22 17:13:17 +02:00
|
|
|
neverallow { domain -keystore -init } keystore_data_file:dir *;
|
|
|
|
neverallow { domain -keystore -init } keystore_data_file:notdevfile_class_set *;
|
2014-05-20 06:49:50 +02:00
|
|
|
|
2016-02-05 23:48:03 +01:00
|
|
|
neverallow * keystore:process ptrace;
|