sepolicy: Allow apps to read ashmem fds from system_server
Kernel commit 8a2af06415ef0fc922162503dd18da0d9be7771f (ashmem: switch to ->read_iter) switched ashmem from using __vfs_read to vfs_iter_read to read the backing shmem file. Prior to this, reading from an ashmem fd that was passed between processes didn't hit any permission checks; now SELinux checks that the receiver can read from the creator's file context. Some apps receive buffers through ashmem from system_server, e.g., the settings app reads battery stats from system_server through ashmem when an app details page is opened. Restore this ability by giving apps read access to system_server_tmpfs. system_server is still responsible for creating and passing across the ashmem buffers, so this doesn't give apps the ability to read anything system_server isn't willing to give them. Bug: 112987536 Bug: 111381531 Test: atest android.appsecurity.cts.PermissionsHostTest on kernel 4.14 Change-Id: Ice5e25f55bc409e91ad7e8c7ea8b28ae213191a3
parent
8d7d5b42b5
commit
360559e7bb
1 changed files with 4 additions and 0 deletions
|
@ -2,6 +2,10 @@
|
||||||
# Read system properties managed by zygote.
|
# Read system properties managed by zygote.
|
||||||
allow appdomain zygote_tmpfs:file read;
|
allow appdomain zygote_tmpfs:file read;
|
||||||
|
|
||||||
|
# Read from (but not create) system_server buffers transferred through
|
||||||
|
# ashmem, e.g. battery stats.
|
||||||
|
allow appdomain system_server_tmpfs:file read;
|
||||||
|
|
||||||
neverallow appdomain system_server:udp_socket {
|
neverallow appdomain system_server:udp_socket {
|
||||||
accept append bind create ioctl listen lock name_bind
|
accept append bind create ioctl listen lock name_bind
|
||||||
relabelfrom relabelto setattr shutdown };
|
relabelfrom relabelto setattr shutdown };
|
||||||
|
|
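Review bot: The added `allow appdomain system_server_tmpfs:file read;` depends on `open` being withheld to keep the grant limited to fds that system_server passes over, but nothing in the hunk states or enforces that. The commit message's claim that apps cannot read anything system_server does not hand them appears to rest on this, and the rule applies to all of `appdomain` rather than only the apps known to need it. I would extend the comment with a line such as `# Only read is granted, never open: access is limited to fds that system_server passes explicitly.` so a later edit does not widen the permission set unnoticed. Consider also pinning it with `neverallow appdomain system_server_tmpfs:file open;` next to the existing udp_socket neverallow, after checking that no app domain outside this hunk already holds that permission.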