From 5c5b6263584e7cfe15abda0ed377113727212e6d Mon Sep 17 00:00:00 2001 From: Alex Klyubin Date: Mon, 24 Apr 2017 15:09:19 -0700 Subject: [PATCH] Assert untrusted apps can't add or list hwservicemanager This adds a neverallow rule which checks that SELinux app domains which host arbitrary code are not allowed to access hwservicemanager operations other than the "find" operation for which there already are strict neverallow rules in the policy. Test: mmm system/sepolicy -- neverallow-only change Bug: 34454312 Change-Id: I3b80c6ae2c254495704e0409e0c5c88f6ce3a6a7 --- private/app_neverallows.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/private/app_neverallows.te b/private/app_neverallows.te index 8b53ff57a..0f0f57766 100644 --- a/private/app_neverallows.te +++ b/private/app_neverallows.te @@ -108,6 +108,10 @@ neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms; # against privileged system components neverallow all_untrusted_apps system_file:file lock; +# Do not permit untrusted apps to perform actions on HwBinder service_manager +# other than find actions for services listed below +neverallow all_untrusted_apps *:hwservice_manager ~find; + # Do not permit access from apps which host arbitrary code to HwBinder services, # except those considered sufficiently safe for access from such apps. # The two main reasons for this are:
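Review bot: The comment above the added `neverallow all_untrusted_apps *:hwservice_manager ~find;` rule says "other than find actions for services listed below", but this rule lists no services; that wording describes the following block about HwBinder services, not the line it sits on. Suggest phrasing the comment around what is denied here, for example "Do not permit untrusted apps to add or list HwBinder services; find is restricted separately below", which matches the subject line. It is also worth saying in the comment that `~find` is deliberate: a complement set keeps denying everything except find even if the class gains further permissions, whereas naming add and list explicitly would not. Finally, the comment writes "HwBinder service_manager" while the rule uses the class name `hwservice_manager`; using the same spelling in both makes the rule easier to find with grep.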