Add sepolicy for fastbootd

Also allow adb and fastboot to talk to recovery
through recovery_socket. This enables changing
between modes with usb commands.

Test: No selinux denials
Bug: 78793464
Change-Id: I80c54d4eaf3b94a1fe26d2280af4e57cb1593790
This commit is contained in:
Jerry Zhang 2018-05-29 10:54:16 -07:00 committed by Hridya Valsaraju
parent c2ab15b798
commit 1d85efa9f4
11 changed files with 92 additions and 4 deletions


@ -18,6 +18,9 @@ userdebug_or_eng(`
recovery_only(`
domain_trans(adbd, rootfs, shell)
allow adbd shell:process dyntransition;
# Allows reboot fastboot to enter fastboot directly
unix_socket_connect(adbd, recovery, recovery)
')
# Do not sanitize the environment or open fds of the shell. Allow signaling
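Review bot: The comment above `unix_socket_connect(adbd, recovery, recovery)` names the user-visible effect but not the trust relationship a policy reader needs: it lets adbd write commands to recovery's control socket, and it is only reachable in userdebug/eng recovery builds because of the two enclosing macros. I'd make it `# Lets 'adb reboot fastboot' hand control to recovery over the recovery control socket (userdebug/eng recovery only)`. The hunk header counts three added lines but only two are visible here, and the enclosing `userdebug_or_eng(` block starts outside the hunk.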


@ -49,6 +49,7 @@
exported3_default_prop
exported3_radio_prop
exported3_system_prop
fastbootd
fingerprint_vendor_data_file
fs_bpf
hal_audiocontrol_hwservice
@ -96,6 +97,7 @@
perfetto_traces_data_file
perfprofd_service
property_info
recovery_socket
secure_element
secure_element_device
secure_element_tmpfs


@ -45,6 +45,7 @@
exported_system_radio_prop
exported_vold_prop
exported_wifi_prop
fastbootd
fingerprint_vendor_data_file
fs_bpf
hal_audiocontrol_hwservice
@ -83,6 +84,7 @@
perfetto_traces_data_file
perfprofd_service
property_info
recovery_socket
secure_element
secure_element_device
secure_element_service


@ -5,6 +5,7 @@
(typeattributeset new_objects
( activity_task_service
adb_service
fastbootd
hal_health_filesystem_hwservice
hal_system_suspend_default
hal_system_suspend_default_exec
@ -14,6 +15,7 @@
llkd_tmpfs
mnt_product_file
overlayfs_file
recovery_socket
system_lmk_prop
system_suspend_hwservice
time_prop

1
private/fastbootd.te Normal file

@ -0,0 +1 @@
typeattribute fastbootd coredomain;


@ -149,6 +149,7 @@
/dev/socket/pdx/system/vr/display/vsync u:object_r:pdx_display_vsync_endpoint_socket:s0
/dev/socket/property_service u:object_r:property_socket:s0
/dev/socket/racoon u:object_r:racoon_socket:s0
/dev/socket/recovery u:object_r:recovery_socket:s0
/dev/socket/rild u:object_r:rild_socket:s0
/dev/socket/rild-debug u:object_r:rild_debug_socket:s0
/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0


@ -9,6 +9,7 @@ domain_trans(init, rootfs, slideshow)
domain_auto_trans(init, e2fs_exec, e2fs)
recovery_only(`
domain_trans(init, rootfs, adbd)
domain_trans(init, rootfs, fastbootd)
domain_trans(init, rootfs, recovery)
')
domain_trans(init, shell_exec, shell)
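Review bot: `domain_trans(init, rootfs, fastbootd)` keys the transition on the generic rootfs label, the same exec type used for adbd and recovery on the neighbouring lines, so the policy alone cannot tell the three targets apart; presumably the fastbootd service entry in the recovery init.rc pins it with an explicit seclabel, and that dependency is worth stating next to the rule: `# /sbin/fastbootd shares the rootfs label; the init.rc service must set seclabel u:r:fastbootd:s0`. Without such a pin, any of the three domains would be a legal transition target for a rootfs binary started by init. The surrounding init.te rules are outside the hunk.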


@ -557,6 +557,7 @@ neverallow {
domain
-adbd
-dumpstate
-fastbootd
-hal_drm_server
-hal_cas_server
-init
@ -591,11 +592,21 @@ neverallow {
-fsck
} metadata_block_device:blk_file { append link rename write open read ioctl lock };
# No domain other than recovery and update_engine can write to system partition(s).
neverallow { domain -recovery -update_engine } system_block_device:blk_file { write append };
# No domain other than recovery, update_engine and fastbootd can write to system partition(s).
neverallow {
domain
-fastbootd
-recovery
-update_engine
} system_block_device:blk_file { write append };
# No domains other than install_recovery or recovery can write to recovery.
neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file { write append };
# No domains other than install_recovery, recovery or fastbootd can write to recovery.
neverallow {
domain
-fastbootd
-install_recovery
-recovery
} recovery_block_device:blk_file { write append };
# No domains other than a select few can access the misc_block_device. This
# block device is reserved for OTA use.
@ -604,6 +615,7 @@ neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file
neverallow {
domain
userdebug_or_eng(`-domain') # exclude debuggable builds
-fastbootd
-hal_bootctl_server
-init
-uncrypt
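Review bot: The `-fastbootd` exclusions are added unconditionally, while fastbootd's allow rules in public/fastbootd.te are wrapped in `recovery_only`, so on a normal boot the carve-outs apply to a domain that has no allow rules; that is harmless but easy to misread later, so one comment at the first carve-out would help: `# fastbootd exists in every policy but only has allow rules in recovery`. The neverallow at 557 begins outside the hunk, so the object class fastbootd is now exempt from is not visible here; the rewritten system_block_device and recovery_block_device rules and the misc_block_device rule at 604 are visible in full. The same unconditional-exclusion remark applies to the 604 rule.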

59
public/fastbootd.te Normal file

@ -0,0 +1,59 @@
# fastbootd (used in recovery init.rc for /sbin/fastbootd)
# Declare the domain unconditionally so we can always reference it
# in neverallow rules.
type fastbootd, domain;
# But the allow rules are only included in the recovery policy.
# Otherwise fastbootd is only allowed the domain rules.
recovery_only(`
# fastbootd can only use HALs in passthrough mode
passthrough_hal_client_domain(fastbootd, hal_bootctl)
# Access /dev/usb-ffs/fastbootd/ep0
allow fastbootd functionfs:dir search;
allow fastbootd functionfs:file rw_file_perms;
# Log to serial
allow fastbootd kmsg_device:chr_file { open write };
# battery info
allow fastbootd sysfs_batteryinfo:file r_file_perms;
allow fastbootd device:dir r_dir_perms;
# Reboot the device
set_prop(fastbootd, powerctl_prop)
# Read serial number of the device from system properties
get_prop(fastbootd, serialno_prop)
# Set sys.usb.ffs.ready.
set_prop(fastbootd, ffs_prop)
set_prop(fastbootd, exported_ffs_prop)
unix_socket_connect(fastbootd, recovery, recovery)
# Required for flashing
allow fastbootd dm_device:chr_file rw_file_perms;
allow fastbootd dm_device:blk_file rw_file_perms;
allow fastbootd system_block_device:blk_file rw_file_perms;
allow fastbootd boot_block_device:blk_file rw_file_perms;
allow fastbootd misc_block_device:blk_file rw_file_perms;
allow fastbootd proc_cmdline:file r_file_perms;
allow fastbootd rootfs:dir r_dir_perms;
allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
')
###
### neverallow rules
###
# Write permission is required to wipe userdata
# until recovery supports vold.
neverallow fastbootd {
data_file_type
}:file { no_x_file_perms };
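Review bot: The comment on the neverallow, "Write permission is required to wipe userdata until recovery supports vold", justifies leaving write out of the rule, yet nothing in this file grants fastbootd any access to `data_file_type` — the flashing rules cover only dm_device and the system/boot/misc block devices — so the write grant the comment refers to is either elsewhere or not yet written. Until that path exists I'd tighten the rule to `neverallow fastbootd { data_file_type }:file { no_w_file_perms no_x_file_perms };`, or else name in the comment where the file-level write is granted. `unix_socket_connect(fastbootd, recovery, recovery)` is the one rule in the file without a comment; going by the commit message it serves mode switching, so `# Ask recovery to switch modes over its control socket` would do. The hunk header counts 59 lines but 43 are visible, so some lines (likely blanks) were dropped in rendering.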


@ -342,6 +342,7 @@ type mtpd_socket, file_type, coredomain_socket;
type netd_socket, file_type, coredomain_socket;
type property_socket, file_type, coredomain_socket, mlstrustedobject;
type racoon_socket, file_type, coredomain_socket;
type recovery_socket, file_type, coredomain_socket;
type rild_socket, file_type;
type rild_debug_socket, file_type;
type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;


@ -118,6 +118,10 @@ recovery_only(`
set_prop(recovery, ffs_prop)
set_prop(recovery, exported_ffs_prop)
# Set sys.usb.config when switching into fastboot.
set_prop(recovery, system_radio_prop)
set_prop(recovery, exported_system_radio_prop)
# Read ro.boot.bootreason
get_prop(recovery, bootloader_boot_reason_prop)
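Review bot: `set_prop(recovery, system_radio_prop)` grants more than the stated goal of setting sys.usb.config: as far as I recall, system_radio_prop is the label shared by several sys.* and net.* prefixes in property_contexts, so recovery gains write access to all of them, and the `exported_system_radio_prop` line widens that further. If a narrower context for the usb prefix exists or can be added, prefer it; otherwise record the over-grant in the comment, e.g. `# Set sys.usb.config when switching into fastboot (system_radio_prop also covers other sys./net. properties).` The enclosing `recovery_only(` block starts outside the hunk.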