Merge "Allow vendor_init to access unencrypted_data_file" into pi-dev
commit
4f0a21cca8
2 changed files with 37 additions and 7 deletions
|
@ -835,6 +835,7 @@ full_treble_only(`
|
|||
-appdomain # TODO(b/34980020) remove exemption for appdomain
|
||||
-coredomain
|
||||
-data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
|
||||
-vendor_init
|
||||
} {
|
||||
core_data_file_type
|
||||
# libc includes functions like mktime and localtime which attempt to access
|
||||
|
@ -842,6 +843,17 @@ full_treble_only(`
|
|||
# vndk-stable and thus must be allowed for all processes.
|
||||
-zoneinfo_data_file
|
||||
}:file_class_set ~{ append getattr ioctl read write };
|
||||
neverallow {
|
||||
vendor_init
|
||||
-data_between_core_and_vendor_violators
|
||||
} {
|
||||
core_data_file_type
|
||||
-unencrypted_data_file
|
||||
-zoneinfo_data_file
|
||||
}:file_class_set ~{ append getattr ioctl read write };
|
||||
# vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
|
||||
# The vendor init binary lives on the system partition so there is not a concern with stability.
|
||||
neverallow vendor_init unencrypted_data_file:file ~r_file_perms;
|
||||
')
|
||||
full_treble_only(`
|
||||
# vendor domains may only access dirs in /data/vendor, never core_data_file_types
|
||||
|
@ -850,12 +862,26 @@ full_treble_only(`
|
|||
-appdomain # TODO(b/34980020) remove exemption for appdomain
|
||||
-coredomain
|
||||
-data_between_core_and_vendor_violators
|
||||
-vendor_init
|
||||
} {
|
||||
core_data_file_type
|
||||
-system_data_file # default label for files on /data. Covered below...
|
||||
-vendor_data_file
|
||||
-zoneinfo_data_file
|
||||
}:dir *;
|
||||
neverallow {
|
||||
vendor_init
|
||||
-data_between_core_and_vendor_violators
|
||||
} {
|
||||
core_data_file_type
|
||||
-unencrypted_data_file
|
||||
-system_data_file
|
||||
-vendor_data_file
|
||||
-zoneinfo_data_file
|
||||
}:dir *;
|
||||
# vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
|
||||
# The vendor init binary lives on the system partition so there is not a concern with stability.
|
||||
neverallow vendor_init unencrypted_data_file:dir ~search;
|
||||
')
|
||||
full_treble_only(`
|
||||
# vendor domains may only access dirs in /data/vendor, never core_data_file_types
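Review bot: The new vendor_init file rule subtracts `unencrypted_data_file` for the whole `file_class_set`, but the tightening rule after it, `neverallow vendor_init unencrypted_data_file:file ~r_file_perms;`, only covers class `file`. If `file_class_set` also expands to the symlink, socket, fifo and device classes (as it does in the stock policy macros), no neverallow bounds vendor_init on that type for those classes any more, whereas before this change it fell under the general rule. Widening the second rule to `neverallow vendor_init unencrypted_data_file:file_class_set ~r_file_perms;` would close that gap. The new vendor_init dir rule also drops the "Covered below..." remark on `-system_data_file`; the rule it refers to is not visible in this hunk, so it is worth confirming that it still applies to vendor_init now that the domain is excluded from the general rule.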
|
||||
|
|
|
@ -34,6 +34,10 @@ allow vendor_init self:global_capability_class_set dac_override;
|
|||
# we just allow all file types except /system files here.
|
||||
allow vendor_init self:global_capability_class_set { chown fowner fsetid };
|
||||
|
||||
# mkdir with FBE requires reading /data/unencrypted/{ref,mode}.
|
||||
allow vendor_init unencrypted_data_file:dir search;
|
||||
allow vendor_init unencrypted_data_file:file r_file_perms;
|
||||
|
||||
allow vendor_init {
|
||||
file_type
|
||||
-core_data_file_type
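Review bot: The two new allow rules grant by label, so `r_file_perms` applies to every file typed `unencrypted_data_file`, while the comment above them names only `/data/unencrypted/{ref,mode}`. Because the directory grant is `search` alone, vendor_init cannot list the directory but can still open any file there whose path it knows. I would say so in the comment, for example `# Label-wide grant: any unencrypted_data_file file is readable by path, not only ref and mode.`, so later reviewers know to check what else carries this label. The `allow vendor_init {` rule at the end of the hunk continues outside the visible lines.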
|
||||
|
|