platform_system_sepolicy/microdroid/system/private/shell.te

typeattribute shell coredomain;

# allow shell input injection
allow shell uhid_device:chr_file rw_file_perms;

# Perform SELinux access checks, needed for CTS
selinux_check_access(shell)
selinux_check_context(shell)

# Allow shell to run adb shell cmd stats commands. Needed for CTS.
binder_call(shell, statsd);

# Allow shell to launch microdroid_launcher in its own domain
# TODO(b/186396070) remove this when microdroid_manager can do this
domain_auto_trans(shell, microdroid_app_exec, microdroid_app)
domain_auto_trans(shell, microdroid_manager_exec, microdroid_manager)

# Connect to adbd and use a socket transferred from it.
# This is used for e.g. adb backup/restore.
allow shell adbd:unix_stream_socket connectto;
allow shell adbd:fd use;
allow shell adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };

# filesystem test for insecure chr_file's is done
# via a host side test
allow shell dev_type:dir r_dir_perms;
allow shell dev_type:chr_file getattr;

# filesystem test for insucre blk_file's is done
# via hostside test
allow shell dev_type:blk_file getattr;

# Test tool automatically tries to access /sys/class/power_supply.
# Suppressing it as we don't need power_supply in microdroid.
dontaudit shell sysfs:dir r_dir_perms;

# Test tool tries to read various service status properties.
get_prop(shell, boot_status_prop)
get_prop(shell, init_service_status_prop)
get_prop(shell, init_service_status_private_prop)

set_prop(shell, log_tag_prop)
Remove redundant sepolicy We don't use MLS in Microdroid, so we don't need MLS rules, nor mlstrusted[subject\|object] labels. (We keep one MLS rule to satisfy checkpolicy.) A lot of attributes are unused in Microdroid, so we can remove their declarations and any references to them. (That may not make the compiled policy smaller, since hopefully they get optimised out anyway, but it means there is less policy for humans to deal with.) Remove labels that relate only to apps, which we don't have - MAC permissions, run-as, seapp_contexts. In passing, fix a comment snafu in both system & microdroid policy. Bug: 223596375 Test: Run staged-apex-compile & compos_verify, no denials Test: atest MicrodroidTests MicrodroidHostTestCases Change-Id: Ifd3589945a2d8b4c0361e00eec5678795513fd8c 2022-03-09 17:41:06 +01:00			`typeattribute shell coredomain;`
Move microdroid sepolicy to system/sepolicy Bug: 190511750 Test: boot microdroid Change-Id: I4aa4a56e9be5103d70469c3508110a973f3e4f12 2021-07-19 09:48:34 +02:00
			`# allow shell input injection`
			`allow shell uhid_device:chr_file rw_file_perms;`

			`# Perform SELinux access checks, needed for CTS`
			`selinux_check_access(shell)`
			`selinux_check_context(shell)`

			`# Allow shell to run adb shell cmd stats commands. Needed for CTS.`
			`binder_call(shell, statsd);`

			`# Allow shell to launch microdroid_launcher in its own domain`
			`# TODO(b/186396070) remove this when microdroid_manager can do this`
			`domain_auto_trans(shell, microdroid_app_exec, microdroid_app)`
			`domain_auto_trans(shell, microdroid_manager_exec, microdroid_manager)`

			`# Connect to adbd and use a socket transferred from it.`
			`# This is used for e.g. adb backup/restore.`
			`allow shell adbd:unix_stream_socket connectto;`
			`allow shell adbd:fd use;`
			`allow shell adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };`

			`# filesystem test for insecure chr_file's is done`
			`# via a host side test`
			`allow shell dev_type:dir r_dir_perms;`
			`allow shell dev_type:chr_file getattr;`

			`# filesystem test for insucre blk_file's is done`
			`# via hostside test`
			`allow shell dev_type:blk_file getattr;`
Suppress power_supply access inside microdroid Bug: 193118220 Test: atest MicrodroidHostTestCases Change-Id: I3dbdcb831c61e9bd24cfdaa10beba9e856e605af 2021-08-05 04:05:16 +02:00
			`# Test tool automatically tries to access /sys/class/power_supply.`
			`# Suppressing it as we don't need power_supply in microdroid.`
			`dontaudit shell sysfs:dir r_dir_perms;`
microdroid: Narrow property permissions microdroid's domains have been able to read/write any properties. That's just for convenience while bringing up microdroid. This cleans up such global permission and grants minimal access. Bug: 194447534 Test: atest MicrodroidHostTestCases ComposHostTestCases Test: run microdroid demo app Change-Id: I09ce1174d4af9c228b788a522a6ab845cafd4505 2021-09-17 12:31:45 +02:00
			`# Test tool tries to read various service status properties.`
Allow microdroid_manager to set dev.bootcomplete ... and shell to get the same property for testing. Bug: 230774156 Test: atest MicrodroidTestCase Change-Id: Iaf04072c2b394d44ef1253fd048d5ccf757a8b89 2022-05-02 18:47:11 +02:00			`get_prop(shell, boot_status_prop)`
microdroid: Narrow property permissions microdroid's domains have been able to read/write any properties. That's just for convenience while bringing up microdroid. This cleans up such global permission and grants minimal access. Bug: 194447534 Test: atest MicrodroidHostTestCases ComposHostTestCases Test: run microdroid demo app Change-Id: I09ce1174d4af9c228b788a522a6ab845cafd4505 2021-09-17 12:31:45 +02:00			`get_prop(shell, init_service_status_prop)`
			`get_prop(shell, init_service_status_private_prop)`

			`set_prop(shell, log_tag_prop)`