Revert "Revert "Reduce the number of processes that can start adbd""
This reverts commit b5dc6137ad
.
Reason for revert: Reverted incorrect change
Change-Id: Ieafa3338e28ffeed40bcceb73486cffbfbd08b9d
This commit is contained in:
parent
b5dc6137ad
commit
22f98197b2
7 changed files with 16 additions and 3 deletions
|
@ -121,7 +121,7 @@
|
||||||
(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
|
(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
|
||||||
(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
|
(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
|
||||||
(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
|
(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
|
||||||
(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop))
|
(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
|
||||||
(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
|
(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
|
||||||
(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
|
(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
|
||||||
(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
|
(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
|
||||||
|
|
|
@ -826,7 +826,7 @@
|
||||||
(typeattributeset ctl_bootanim_prop_27_0 (ctl_bootanim_prop))
|
(typeattributeset ctl_bootanim_prop_27_0 (ctl_bootanim_prop))
|
||||||
(typeattributeset ctl_bugreport_prop_27_0 (ctl_bugreport_prop))
|
(typeattributeset ctl_bugreport_prop_27_0 (ctl_bugreport_prop))
|
||||||
(typeattributeset ctl_console_prop_27_0 (ctl_console_prop))
|
(typeattributeset ctl_console_prop_27_0 (ctl_console_prop))
|
||||||
(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop))
|
(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
|
||||||
(typeattributeset ctl_dumpstate_prop_27_0 (ctl_dumpstate_prop))
|
(typeattributeset ctl_dumpstate_prop_27_0 (ctl_dumpstate_prop))
|
||||||
(typeattributeset ctl_fuse_prop_27_0 (ctl_fuse_prop))
|
(typeattributeset ctl_fuse_prop_27_0 (ctl_fuse_prop))
|
||||||
(typeattributeset ctl_mdnsd_prop_27_0 (ctl_mdnsd_prop))
|
(typeattributeset ctl_mdnsd_prop_27_0 (ctl_mdnsd_prop))
|
||||||
|
|
|
@ -115,6 +115,11 @@ ctl.interface_start$ u:object_r:ctl_interface_start_prop:s0
|
||||||
ctl.interface_stop$ u:object_r:ctl_interface_stop_prop:s0
|
ctl.interface_stop$ u:object_r:ctl_interface_stop_prop:s0
|
||||||
ctl.interface_restart$ u:object_r:ctl_interface_restart_prop:s0
|
ctl.interface_restart$ u:object_r:ctl_interface_restart_prop:s0
|
||||||
|
|
||||||
|
# Restrict access to starting/stopping adbd
|
||||||
|
ctl.start$adbd u:object_r:ctl_adbd_prop:s0
|
||||||
|
ctl.stop$adbd u:object_r:ctl_adbd_prop:s0
|
||||||
|
ctl.restart$adbd u:object_r:ctl_adbd_prop:s0
|
||||||
|
|
||||||
# NFC properties
|
# NFC properties
|
||||||
nfc. u:object_r:nfc_prop:s0
|
nfc. u:object_r:nfc_prop:s0
|
||||||
|
|
||||||
|
|
|
@ -2,3 +2,7 @@
|
||||||
# it lives in the rootfs and has no unique file type.
|
# it lives in the rootfs and has no unique file type.
|
||||||
type adbd, domain;
|
type adbd, domain;
|
||||||
type adbd_exec, exec_type, file_type;
|
type adbd_exec, exec_type, file_type;
|
||||||
|
|
||||||
|
# Only init is allowed to enter the adbd domain via exec()
|
||||||
|
neverallow { domain -init } adbd:process transition;
|
||||||
|
neverallow * adbd:process dyntransition;
|
||||||
|
|
|
@ -5,6 +5,7 @@ type bluetooth_prop, property_type;
|
||||||
type bootloader_boot_reason_prop, property_type;
|
type bootloader_boot_reason_prop, property_type;
|
||||||
type config_prop, property_type, core_property_type;
|
type config_prop, property_type, core_property_type;
|
||||||
type cppreopt_prop, property_type, core_property_type;
|
type cppreopt_prop, property_type, core_property_type;
|
||||||
|
type ctl_adbd_prop, property_type;
|
||||||
type ctl_bootanim_prop, property_type;
|
type ctl_bootanim_prop, property_type;
|
||||||
type ctl_bugreport_prop, property_type;
|
type ctl_bugreport_prop, property_type;
|
||||||
type ctl_console_prop, property_type;
|
type ctl_console_prop, property_type;
|
||||||
|
@ -327,6 +328,7 @@ compatible_property_only(`
|
||||||
-boottime_prop
|
-boottime_prop
|
||||||
-config_prop
|
-config_prop
|
||||||
-cppreopt_prop
|
-cppreopt_prop
|
||||||
|
-ctl_adbd_prop
|
||||||
-ctl_bootanim_prop
|
-ctl_bootanim_prop
|
||||||
-ctl_bugreport_prop
|
-ctl_bugreport_prop
|
||||||
-ctl_console_prop
|
-ctl_console_prop
|
||||||
|
|
|
@ -109,7 +109,7 @@ recovery_only(`
|
||||||
set_prop(recovery, powerctl_prop)
|
set_prop(recovery, powerctl_prop)
|
||||||
|
|
||||||
# Start/stop adbd via ctl.start adbd
|
# Start/stop adbd via ctl.start adbd
|
||||||
set_prop(recovery, ctl_default_prop)
|
set_prop(recovery, ctl_adbd_prop)
|
||||||
|
|
||||||
# Read serial number of the device from system properties
|
# Read serial number of the device from system properties
|
||||||
get_prop(recovery, serialno_prop)
|
get_prop(recovery, serialno_prop)
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
type usbd, domain;
|
type usbd, domain;
|
||||||
type usbd_exec, exec_type, file_type;
|
type usbd_exec, exec_type, file_type;
|
||||||
|
|
||||||
|
# Start/stop adbd via ctl.start adbd
|
||||||
|
set_prop(usbd, ctl_adbd_prop)
|
||||||
|
|
Loading…
Reference in a new issue