From c450759e8e67caa7a77ca078b1478b018a9b848b Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Fri, 24 Apr 2015 16:59:43 +0000
Subject: [PATCH] Revert "SELinux policy changes for re-execing init."

shamu isn't booting.

This reverts commit 46e832f5624e21ab155deb35c52b8127a2c678ae.

Change-Id: Ib697745a9a1618061bc72f8fddd7ee88c1ac5eca
---
 domain.te | 3 +--
 file_contexts | 2 +-
 init.te | 29 ++++++-----------------------
 kernel.te | 28 +++++++++++++++++++++-------
 4 files changed, 29 insertions(+), 33 deletions(-)

diff --git a/domain.te b/domain.te
index 7bc2292d5..c7fe3be7a 100644
--- a/domain.te
+++ b/domain.te
@@ -299,8 +299,7 @@ neverallow { domain -init } property_data_file:file no_w_file_perms;
 
 # Only recovery should be doing writes to /system
 neverallow { domain -recovery } { system_file exec_type }:dir_file_class_set
- { create write setattr relabelfrom append unlink link rename };
-neverallow { domain -recovery -kernel } { system_file exec_type }:dir_file_class_set relabelto;
+ { create write setattr relabelfrom relabelto append unlink link rename };
 
 # Don't allow mounting on top of /system files or directories
 neverallow domain { system_file exec_type }:dir_file_class_set mounton;
diff --git a/file_contexts b/file_contexts
index 0fc096dcb..e36a6c384 100644
--- a/file_contexts
+++ b/file_contexts
@@ -12,7 +12,7 @@
 
 # Executables
 /charger u:object_r:rootfs:s0
-/init u:object_r:init_exec:s0
+/init u:object_r:rootfs:s0
 /sbin(/.*)? u:object_r:rootfs:s0
 
 # Empty directories
diff --git a/init.te b/init.te
index 9f68bb85d..78f460a4d 100644
--- a/init.te
+++ b/init.te
@@ -1,22 +1,7 @@
-# init is its own domain.
+# init switches to init domain (via init.rc).
 type init, domain, mlstrustedsubject;
 tmpfs_domain(init)
 
-# The init domain is entered by execing init.
-type init_exec, exec_type, file_type;
-
-# /dev/__null__ node created by init.
-allow init tmpfs:chr_file create_file_perms;
-
-#
-# init direct restorecon calls.
-#
-# /dev/socket
-allow init { device socket_device }:dir relabelto;
-# /dev/__properties__
-allow init tmpfs:file relabelfrom;
-allow init properties_device:file relabelto;
-
 # setrlimit
 allow init self:capability sys_resource;
 
@@ -45,8 +30,6 @@ allow init self:capability sys_admin;
 
 allow init rootfs:dir create_dir_perms;
 allow init rootfs:dir mounton;
-allow init proc:dir mounton;
-
 # Mount on /dev/usb-ffs/adb.
 allow init device:dir mounton;
 
@@ -161,8 +144,8 @@ recovery_only(`
 domain_trans(init, rootfs, recovery)
 ')
 domain_trans(init, shell_exec, shell)
-domain_trans(init, init_exec, ueventd)
-domain_trans(init, init_exec, watchdogd)
+domain_trans(init, rootfs, ueventd)
+domain_trans(init, rootfs, watchdogd)
 
 # Support "adb shell stop"
 allow init self:capability kill;
@@ -274,9 +257,9 @@ unix_socket_connect(init, vold, vold)
 
 # The init domain is only entered via setcon from the kernel domain,
 # never via an exec-based transition.
-neverallow domain init:process dyntransition;
-neverallow { domain -kernel} init:process transition;
-neverallow init { file_type fs_type -init_exec }:file entrypoint;
+neverallow { domain -kernel} init:process dyntransition;
+neverallow domain init:process transition;
+neverallow init { file_type fs_type }:file entrypoint;
 
 # Never read/follow symlinks created by shell or untrusted apps.
 neverallow init shell_data_file:lnk_file read;
diff --git a/kernel.te b/kernel.te
index 72325c2f3..f570ac21c 100644
--- a/kernel.te
+++ b/kernel.te
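Review bot: The restored first line of init.te, `# init switches to init domain (via init.rc).`, attributes the domain switch to init.rc, whereas the comment above the neverallow rules in the last hunk of this file states that the init domain is only entered via setcon from the kernel domain, and the corresponding kernel.te rules are labelled `# setcon to init domain.`. If the switch is a setcon performed by the init binary itself rather than an init.rc directive, the parenthetical sends a reader to the wrong place. Suggest `# init enters the init domain via setcon from the kernel domain (see kernel.te).`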
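Review bot: `domain_trans(init, rootfs, ueventd)` and `domain_trans(init, rootfs, watchdogd)` in the third init.te hunk use rootfs as the entrypoint type, so every rootfs-labelled executable (per file_contexts that now includes `/charger`, `/init` and all of `/sbin`) can serve as the entrypoint for these domains. The same breadth applies to `allow kernel rootfs:file execute_no_trans;` in the first kernel.te hunk, which permits the kernel domain to run any rootfs file, not only /init as its comment says. Because init_exec no longer exists after this revert there is no narrower type to use, so the limitation should at least be recorded; suggest adding above the two domain_trans lines `# rootfs is the entrypoint type here, so any rootfs-labelled binary qualifies, not just the intended one.` and extending the kernel.te comment to `# Run /init before we have switched domains (/init is labelled rootfs, so this covers every rootfs file).`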
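Review bot: `neverallow { domain -kernel} init:process dyntransition;` in the last init.te hunk is missing the space before the closing brace; domain.te writes its type sets as `{ domain -recovery }`, so for consistency use `neverallow { domain -kernel } init:process dyntransition;`. The restored rules do now match the comment directly above them (dyntransition only from kernel, no exec-based transition, no entrypoint file), which the removed lines did not.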
@@ -3,11 +3,15 @@ type kernel, domain, mlstrustedsubject;
 
 allow kernel self:capability sys_nice;
 
-# Allow init relabel itself.
-allow kernel rootfs:file relabelfrom;
-allow kernel init_exec:file relabelto;
-# TODO: investigate why we need this.
-allow kernel init:process share;
+# Run /init before we have switched domains.
+allow kernel rootfs:file execute_no_trans;
+
+# /dev/__null__ node created by init prior to policy load.
+allow kernel tmpfs:chr_file rw_file_perms;
+
+# setcon to init domain.
+allow kernel self:process setcurrent;
+allow kernel init:process dyntransition;
 
 # cgroup filesystem initialization prior to setting the cgroup root directory label.
 allow kernel unlabeled:dir search;
@@ -16,6 +20,18 @@ allow kernel unlabeled:dir search;
 allow kernel usbfs:filesystem mount;
 allow kernel usbfs:dir search;
 
+# init direct restorecon calls prior to switching to init domain
+# /dev and /dev/socket
+allow kernel tmpfs:dir relabelfrom;
+allow kernel { device socket_device }:dir relabelto;
+# /dev/__properties__
+allow kernel tmpfs:file relabelfrom;
+allow kernel properties_device:file relabelto;
+# /sys
+allow kernel sysfs:{ dir file lnk_file } relabelfrom;
+allow kernel sysfs_type:{ dir file lnk_file } relabelto;
+allow kernel sysfs_type:dir r_dir_perms;
+
 # Initial setenforce by init prior to switching to init domain.
 # We use dontaudit instead of allow to prevent a kernel spawned userspace
 # process from turning off SELinux once enabled.
@@ -42,8 +58,6 @@ allow kernel vold:fd use;
 allow kernel app_data_file:file read;
 allow kernel asec_image_file:file read;
 
-domain_auto_trans(kernel, init_exec, init)
-
 ###
 ### neverallow rules
 ###
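Review bot: `allow kernel sysfs_type:{ dir file lnk_file } relabelto;` in the second kernel.te hunk grants relabelto to every type carrying the sysfs_type attribute, which is considerably wider than the `# /sys` comment above it conveys, and unlike the /dev rules in the same block it is not scoped to a single target type. Presumably the restorecon of /sys assigns several sysfs_type labels and the attribute is the only practical way to cover them; if so, say it: `# /sys: restorecon assigns several sysfs_type labels, so the attribute (not a single type) is needed here.` The block header `# init direct restorecon calls prior to switching to init domain` also lacks the terminating period used by the neighbouring comments.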