am 6d97d9b8: Merge "Revert "SELinux policy changes for re-execing init.""

* commit '6d97d9b818660da74b688197b2b88afbc1af4371':
  Revert "SELinux policy changes for re-execing init."
This commit is contained in:
Nick Kralevich 2015-04-24 17:22:59 +00:00 committed by Android Git Automerger
commit 6b82aaeb58
4 changed files with 29 additions and 33 deletions

View file

@ -299,8 +299,7 @@ neverallow { domain -init } property_data_file:file no_w_file_perms;
# Only recovery should be doing writes to /system
neverallow { domain -recovery } { system_file exec_type }:dir_file_class_set
{ create write setattr relabelfrom append unlink link rename };
neverallow { domain -recovery -kernel } { system_file exec_type }:dir_file_class_set relabelto;
{ create write setattr relabelfrom relabelto append unlink link rename };
# Don't allow mounting on top of /system files or directories
neverallow domain { system_file exec_type }:dir_file_class_set mounton;

View file

@ -12,7 +12,7 @@
# Executables
/charger u:object_r:rootfs:s0
/init u:object_r:init_exec:s0
/init u:object_r:rootfs:s0
/sbin(/.*)? u:object_r:rootfs:s0
# Empty directories

29
init.te
View file

@ -1,22 +1,7 @@
# init is its own domain.
# init switches to init domain (via init.rc).
type init, domain, mlstrustedsubject;
tmpfs_domain(init)
# The init domain is entered by execing init.
type init_exec, exec_type, file_type;
# /dev/__null__ node created by init.
allow init tmpfs:chr_file create_file_perms;
#
# init direct restorecon calls.
#
# /dev/socket
allow init { device socket_device }:dir relabelto;
# /dev/__properties__
allow init tmpfs:file relabelfrom;
allow init properties_device:file relabelto;
# setrlimit
allow init self:capability sys_resource;
@ -45,8 +30,6 @@ allow init self:capability sys_admin;
allow init rootfs:dir create_dir_perms;
allow init rootfs:dir mounton;
allow init proc:dir mounton;
# Mount on /dev/usb-ffs/adb.
allow init device:dir mounton;
@ -161,8 +144,8 @@ recovery_only(`
domain_trans(init, rootfs, recovery)
')
domain_trans(init, shell_exec, shell)
domain_trans(init, init_exec, ueventd)
domain_trans(init, init_exec, watchdogd)
domain_trans(init, rootfs, ueventd)
domain_trans(init, rootfs, watchdogd)
# Support "adb shell stop"
allow init self:capability kill;
@ -274,9 +257,9 @@ unix_socket_connect(init, vold, vold)
# The init domain is only entered via setcon from the kernel domain,
# never via an exec-based transition.
neverallow domain init:process dyntransition;
neverallow { domain -kernel} init:process transition;
neverallow init { file_type fs_type -init_exec }:file entrypoint;
neverallow { domain -kernel} init:process dyntransition;
neverallow domain init:process transition;
neverallow init { file_type fs_type }:file entrypoint;
# Never read/follow symlinks created by shell or untrusted apps.
neverallow init shell_data_file:lnk_file read;

View file

@ -3,11 +3,15 @@ type kernel, domain, mlstrustedsubject;
allow kernel self:capability sys_nice;
# Allow init relabel itself.
allow kernel rootfs:file relabelfrom;
allow kernel init_exec:file relabelto;
# TODO: investigate why we need this.
allow kernel init:process share;
# Run /init before we have switched domains.
allow kernel rootfs:file execute_no_trans;
# /dev/__null__ node created by init prior to policy load.
allow kernel tmpfs:chr_file rw_file_perms;
# setcon to init domain.
allow kernel self:process setcurrent;
allow kernel init:process dyntransition;
# cgroup filesystem initialization prior to setting the cgroup root directory label.
allow kernel unlabeled:dir search;
@ -16,6 +20,18 @@ allow kernel unlabeled:dir search;
allow kernel usbfs:filesystem mount;
allow kernel usbfs:dir search;
# init direct restorecon calls prior to switching to init domain
# /dev and /dev/socket
allow kernel tmpfs:dir relabelfrom;
allow kernel { device socket_device }:dir relabelto;
# /dev/__properties__
allow kernel tmpfs:file relabelfrom;
allow kernel properties_device:file relabelto;
# /sys
allow kernel sysfs:{ dir file lnk_file } relabelfrom;
allow kernel sysfs_type:{ dir file lnk_file } relabelto;
allow kernel sysfs_type:dir r_dir_perms;
# Initial setenforce by init prior to switching to init domain.
# We use dontaudit instead of allow to prevent a kernel spawned userspace
# process from turning off SELinux once enabled.
@ -42,8 +58,6 @@ allow kernel vold:fd use;
allow kernel app_data_file:file read;
allow kernel asec_image_file:file read;
domain_auto_trans(kernel, init_exec, init)
###
### neverallow rules
###