Merge "Add SELinux lockdown policy"
commit
6620b476a8
2 changed files with 14 additions and 0 deletions
@ -170,6 +170,9 @@ create_pty(untrusted_app_all)
|
|||
userdebug_or_eng(`
|
||||
allow untrusted_app_all debugfs_kcov:file rw_file_perms;
|
||||
allowxperm untrusted_app_all debugfs_kcov:file ioctl { KCOV_INIT_TRACE KCOV_ENABLE KCOV_DISABLE };
|
||||
# The use of debugfs kcov is considered a breach of the kernel integrity
|
||||
# according to the heuristic of lockdown.
|
||||
allow untrusted_app_all self:lockdown integrity;
|
||||
')
|
||||
|
||||
# Allow signalling simpleperf domain, which is the domain that the simpleperf
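Review bot: The new `allow untrusted_app_all self:lockdown integrity;` is only safe because it sits inside the `userdebug_or_eng(` … `')` wrapper, and nothing in the comment says so; the later `neverallow { domain userdebug_or_eng(`-domain') } self:lockdown integrity;` in this same commit would reject the rule on a user build if someone hoisted it out of the macro during a refactor. I would make that coupling explicit next to the grant, e.g. `# Must stay inside userdebug_or_eng: domain.te neverallows self:lockdown integrity on user builds.`. The kcov ioctl allowxperm above it is the reason the grant exists (debugfs files with ioctl/mmap handlers appear to be what trips the integrity-level lockdown check, if I read the kernel side correctly), so the two lines should be kept together rather than the lockdown grant being reused for other debugfs consumers. The `userdebug_or_eng` block opens and closes within this hunk, so nothing else is hidden here.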
|
||||
|
|
|
@ -275,6 +275,14 @@ allow domain debugfs_tracing:dir search;
|
|||
allow domain debugfs_tracing_debug:dir search;
|
||||
allow domain debugfs_trace_marker:file w_file_perms;
|
||||
|
||||
# Linux lockdown mode offers coarse-grained definitions for access controls.
|
||||
# The "confidentiality" level detects access to tracefs or the perf subsystem.
|
||||
# This overlaps with more precise declarations in Android's policy. The
|
||||
# debugfs_trace_marker above is an example in which all processes should have
|
||||
# some access to tracefs. Therefore, allow all domains to access this level.
|
||||
# The "integrity" level is however enforced.
|
||||
allow domain self:lockdown confidentiality;
|
||||
|
||||
# Filesystem access.
|
||||
allow domain fs_type:filesystem getattr;
|
||||
allow domain fs_type:dir getattr;
|
||||
|
@ -1396,3 +1404,6 @@ neverallow {
|
|||
} ashmem_device:chr_file open;
|
||||
|
||||
neverallow { domain -traced_probes -init -vendor_init } debugfs_tracing_printk_formats:file *;
|
||||
|
||||
# Linux lockdown "integrity" level is enforced for user builds.
|
||||
neverallow { domain userdebug_or_eng(`-domain') } self:lockdown integrity;
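Review bot: The comment above `allow domain self:lockdown confidentiality;` in the first hunk of this file describes the confidentiality level as detecting "access to tracefs or the perf subsystem", which understates what the blanket grant gives up: depending on kernel version the confidentiality range also covers /proc/kcore reads, kprobes, BPF reads of kernel memory and similar, so after this change the lockdown LSM hook is not a control for any of those on Android and the class-specific rules (`perf_event`, `bpf`, the labels on kcore/tracefs files) have to carry the restriction on their own. I would add one line to that comment, e.g. `# "confidentiality" also covers kcore, kprobes and BPF kernel-memory reads (kernel-version dependent); those stay gated only by their own classes.`, so nobody later relies on lockdown for them. It is also worth stating that `integrity` and `confidentiality` are two independent SELinux permissions mapped from the kernel's lockdown reasons, not a hierarchy like the kernel's `lockdown=` levels, since "coarse-grained definitions" reads as if one implied the other. The `neverallow` in the last hunk uses `self` as the target, which matches how the hook checks the caller's own SID on both sides, so it does enforce the user-build guarantee the comment promises; on userdebug/eng the set reduces to `{ domain -domain }` and the rule is vacuous by design.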
|
||||
|
|