Remove hwservicemanager from microdroid sepolicy
With the keymint HAL removed from microdroid, there are no remaining legacy (HIDL) HALs, so hwservicemanager is no longer needed. Bug: 215747811 Test: atest MicrodroidTests Change-Id: I111f3456399ef91e51d1cfead67659601c23db9e
parent
af2c894f2c
commit
6c288a2676
19 changed files with 1 additions and 121 deletions
|
@ -265,14 +265,6 @@ genrule {
|
|||
"$(location fc_sort) -i $(out).tmp -o $(out)",
|
||||
}
|
||||
|
||||
prebuilt_etc {
|
||||
name: "microdroid_hwservice_contexts",
|
||||
filename: "plat_hwservice_contexts",
|
||||
src: "system/private/hwservice_contexts",
|
||||
relative_install_path: "selinux",
|
||||
installable: false,
|
||||
}
|
||||
|
||||
prebuilt_etc {
|
||||
name: "microdroid_property_contexts",
|
||||
filename: "plat_property_contexts",
|
||||
|
|
|
@ -684,13 +684,6 @@ class service_manager
|
|||
list
|
||||
}
|
||||
|
||||
class hwservice_manager
|
||||
{
|
||||
add
|
||||
find
|
||||
list
|
||||
}
|
||||
|
||||
class drmservice {
|
||||
consumeRights
|
||||
setPlaybackStatus
|
||||
|
|
|
@ -151,8 +151,5 @@ class property_service # userspace
|
|||
# Service manager
|
||||
class service_manager # userspace
|
||||
|
||||
# hardware service manager # userspace
|
||||
class hwservice_manager
|
||||
|
||||
class drmservice # userspace
|
||||
# FLASK
|
||||
|
|
|
@ -684,13 +684,6 @@ class service_manager
|
|||
list
|
||||
}
|
||||
|
||||
class hwservice_manager
|
||||
{
|
||||
add
|
||||
find
|
||||
list
|
||||
}
|
||||
|
||||
class diced
|
||||
{
|
||||
demote
|
||||
|
|
|
@ -47,7 +47,7 @@ allow domain null_device:chr_file rw_file_perms;
|
|||
allow domain zero_device:chr_file rw_file_perms;
|
||||
|
||||
# /dev/binder can be accessed by ... everyone! :)
|
||||
allow { domain -hwservicemanager } binder_device:chr_file rw_file_perms;
|
||||
allow { domain } binder_device:chr_file rw_file_perms;
|
||||
|
||||
# Restrict binder ioctls to an allowlist. Additional ioctl commands may be
|
||||
# added to individual domains, but this sets safe defaults for all processes.
|
||||
|
@ -411,15 +411,6 @@ neverallow domain { contextmount_type -authfs_fuse }:dir_file_class_set { write
|
|||
# from service name to service_type are defined in {,hw,vnd}service_contexts.
|
||||
neverallow * default_android_service:service_manager *;
|
||||
|
||||
# Looking up the base class/interface of all HwBinder services is a bad idea.
|
||||
# hwservicemanager currently offer such lookups only to make it so that security
|
||||
# decisions are expressed in SELinux policy. However, it's unclear whether this
|
||||
# lookup has security implications. If it doesn't, hwservicemanager should be
|
||||
# modified to not offer this lookup.
|
||||
# This rule can be removed if hwservicemanager is modified to not permit these
|
||||
# lookups.
|
||||
neverallow * hidl_base_hwservice:hwservice_manager find;
|
||||
|
||||
neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
|
||||
|
||||
neverallow { domain -init } build_prop:property_service set;
|
||||
|
@ -428,8 +419,6 @@ neverallow { domain -init } build_prop:property_service set;
|
|||
# The service managers are only allowed to access their own device node
|
||||
neverallow servicemanager hwbinder_device:chr_file no_rw_file_perms;
|
||||
neverallow servicemanager vndbinder_device:chr_file no_rw_file_perms;
|
||||
neverallow hwservicemanager binder_device:chr_file no_rw_file_perms;
|
||||
neverallow hwservicemanager vndbinder_device:chr_file no_rw_file_perms;
|
||||
|
||||
# system services cant add vendor services
|
||||
neverallow {
|
||||
|
@ -549,11 +538,6 @@ neverallow * ~{
|
|||
servicemanager
|
||||
}:service_manager list;
|
||||
|
||||
# hwservicemanager is the only process which handles hw list requests
|
||||
neverallow * ~{
|
||||
hwservicemanager
|
||||
}:hwservice_manager list;
|
||||
|
||||
# only service_manager_types can be added to service_manager
|
||||
# TODO - rework this: neverallow * ~service_manager_type:service_manager { add find };
|
||||
|
||||
|
@ -596,15 +580,6 @@ neverallow * self:global_capability_class_set setfcap;
|
|||
# Enforce AT_SECURE for executing crash_dump.
|
||||
neverallow domain crash_dump:process noatsecure;
|
||||
|
||||
# Do not permit non-core domains to register HwBinder services which are
|
||||
# guaranteed to be provided by core domains only.
|
||||
neverallow ~coredomain coredomain_hwservice:hwservice_manager add;
|
||||
|
||||
# Do not permit the registeration of HwBinder services which are guaranteed to
|
||||
# be passthrough only (i.e., run in the process of their clients instead of a
|
||||
# separate server process).
|
||||
neverallow * same_process_hwservice:hwservice_manager add;
|
||||
|
||||
# If an already existing file is opened with O_CREAT, the kernel might generate
|
||||
# a false report of a create denial. Silence these denials and make sure that
|
||||
# inappropriate permissions are not granted.
|
||||
|
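Review bot: The single new line in the `@ -47,7 +47,7 @@` hunk keeps the set braces around a single element, `allow { domain } binder_device:chr_file rw_file_perms;`, which the neighbouring rules in the same hunk (`allow domain zero_device:chr_file rw_file_perms;`) do not; `allow domain binder_device:chr_file rw_file_perms;` is the conventional spelling once nothing is subtracted from the set. The comment above it ("/dev/binder can be accessed by ... everyone!") is now literally true, so it may be worth a one-line note that the last exclusion went away with hwservicemanager. Later in this file the `@ -428` hunk drops the hwservicemanager neverallows but keeps `neverallow servicemanager hwbinder_device:chr_file no_rw_file_perms;`; with no hwbinder context manager left, consider whether the `hwbinder_device` type and the /dev/hwbinder node should go in a follow-up, which I cannot confirm from this page because their declarations are not in the diff.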
|
|
@ -109,7 +109,6 @@
|
|||
/system/bin/bootstrap/linkerconfig u:object_r:linkerconfig_exec:s0
|
||||
/system/bin/diced.microdroid u:object_r:diced_exec:s0
|
||||
/system/bin/servicemanager.microdroid u:object_r:servicemanager_exec:s0
|
||||
/system/bin/hwservicemanager u:object_r:hwservicemanager_exec:s0
|
||||
/system/bin/init u:object_r:init_exec:s0
|
||||
/system/bin/logcat -- u:object_r:logcat_exec:s0
|
||||
/system/bin/logd u:object_r:logd_exec:s0
|
||||
|
@ -136,7 +135,6 @@
|
|||
/system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0
|
||||
/system/etc/selinux/plat_property_contexts u:object_r:property_contexts_file:s0
|
||||
/system/etc/selinux/plat_service_contexts u:object_r:service_contexts_file:s0
|
||||
/system/etc/selinux/plat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
|
||||
/system/etc/selinux/plat_file_contexts u:object_r:file_contexts_file:s0
|
||||
/system/etc/selinux/plat_seapp_contexts u:object_r:seapp_contexts_file:s0
|
||||
/system/etc/selinux/plat_sepolicy\.cil u:object_r:sepolicy_file:s0
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
###
|
||||
### Rules for all domains which are clients of a HAL
|
||||
###
|
||||
|
||||
# Find out whether a HAL in passthrough/in-process mode or
|
||||
# binderized/out-of-process mode
|
||||
hwbinder_use(halclientdomain)
|
||||
|
||||
# Wait for HAL server to be up (used by getService)
|
||||
allow halclientdomain hidl_manager_hwservice:hwservice_manager find;
|
||||
|
||||
get_prop(halclientdomain, hwservicemanager_prop)
|
|
@ -1,6 +0,0 @@
|
|||
android.hidl.allocator::IAllocator u:object_r:hidl_allocator_hwservice:s0
|
||||
android.hidl.base::IBase u:object_r:hidl_base_hwservice:s0
|
||||
android.hidl.manager::IServiceManager u:object_r:hidl_manager_hwservice:s0
|
||||
android.hidl.memory::IMapper u:object_r:hidl_memory_hwservice:s0
|
||||
android.hidl.token::ITokenManager u:object_r:hidl_token_hwservice:s0
|
||||
* u:object_r:default_android_hwservice:s0
|
|
@ -1,27 +0,0 @@
|
|||
typeattribute hwservicemanager coredomain;
|
||||
|
||||
init_daemon_domain(hwservicemanager)
|
||||
|
||||
allow hwservicemanager vendor_configs_file:file { open getattr };
|
||||
|
||||
# Note that we do not use the binder_* macros here.
|
||||
# hwservicemanager provides name service (aka context manager)
|
||||
# for hwbinder.
|
||||
# Additionally, it initiates binder IPC calls to
|
||||
# clients who request service notifications. The permission
|
||||
# to do this is granted in the hwbinder_use macro.
|
||||
allow hwservicemanager self:binder set_context_mgr;
|
||||
|
||||
# Scan through /system/lib64/hw looking for installed HALs
|
||||
allow hwservicemanager system_file:dir r_dir_perms;
|
||||
|
||||
# Read hwservice_contexts
|
||||
allow hwservicemanager hwservice_contexts_file:file r_file_perms;
|
||||
|
||||
# Check SELinux permissions.
|
||||
selinux_check_access(hwservicemanager)
|
||||
|
||||
add_hwservice(hwservicemanager, hidl_manager_hwservice)
|
||||
add_hwservice(hwservicemanager, hidl_token_hwservice)
|
||||
|
||||
set_prop(hwservicemanager, hwservicemanager_prop)
|
|
@ -90,7 +90,6 @@ dontaudit kernel device:dir { open read relabelto };
|
|||
dontaudit kernel tmpfs:file { getattr open read relabelfrom };
|
||||
dontaudit kernel {
|
||||
file_contexts_file
|
||||
hwservice_contexts_file
|
||||
mac_perms_file
|
||||
property_contexts_file
|
||||
seapp_contexts_file
|
||||
|
|
|
@ -5,8 +5,6 @@ init_daemon_domain(logd)
|
|||
allow logd adbd:dir search;
|
||||
allow logd adbd:file { getattr open read };
|
||||
allow logd device:dir search;
|
||||
allow logd hwservicemanager:dir search;
|
||||
allow logd hwservicemanager:file { open read };
|
||||
allow logd init:dir search;
|
||||
allow logd init:fd use;
|
||||
allow logd init:file { getattr open read };
|
||||
|
|
|
@ -46,7 +46,6 @@ ro.boottime.adbd u:object_r:boottime_prop:s0 exact int
|
|||
ro.boottime.apexd-vm u:object_r:boottime_prop:s0 exact int
|
||||
ro.boottime.apkdmverity u:object_r:boottime_prop:s0 exact int
|
||||
ro.boottime.authfs_service u:object_r:boottime_prop:s0 exact int
|
||||
ro.boottime.hwservicemanager u:object_r:boottime_prop:s0 exact int
|
||||
ro.boottime.init u:object_r:boottime_prop:s0 exact int
|
||||
ro.boottime.init.cold_boot_wait u:object_r:boottime_prop:s0 exact int
|
||||
ro.boottime.init.first_stage u:object_r:boottime_prop:s0 exact int
|
||||
|
@ -62,8 +61,6 @@ ro.boottime.zipfuse u:object_r:boottime_prop:s0 exact int
|
|||
|
||||
ro.build.fingerprint u:object_r:fingerprint_prop:s0 exact string
|
||||
|
||||
hwservicemanager.ready u:object_r:hwservicemanager_prop:s0 exact bool
|
||||
|
||||
apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
|
||||
ro.apex.updatable u:object_r:apexd_prop:s0 exact bool
|
||||
|
||||
|
@ -75,7 +72,6 @@ persist.sys.usb.config u:object_r:usb_control_prop:s0 exact string
|
|||
init.svc.apexd-vm u:object_r:init_service_status_private_prop:s0 exact string
|
||||
init.svc.apkdmverity u:object_r:init_service_status_private_prop:s0 exact string
|
||||
init.svc.authfs_service u:object_r:init_service_status_private_prop:s0 exact string
|
||||
init.svc.hwservicemanager u:object_r:init_service_status_private_prop:s0 exact string
|
||||
init.svc.logd u:object_r:init_service_status_private_prop:s0 exact string
|
||||
init.svc.logd-reinit u:object_r:init_service_status_private_prop:s0 exact string
|
||||
init.svc.microdroid_manager u:object_r:init_service_status_private_prop:s0 exact string
|
||||
|
|
|
@ -151,9 +151,6 @@ class property_service # userspace
|
|||
# Service manager
|
||||
class service_manager # userspace
|
||||
|
||||
# hardware service manager # userspace
|
||||
class hwservice_manager
|
||||
|
||||
# Diced permissions
|
||||
class diced # userspace
|
||||
|
||||
|
|
|
@ -15,7 +15,6 @@ allow servicemanager {
|
|||
domain
|
||||
-init
|
||||
-vendor_init
|
||||
-hwservicemanager
|
||||
}:binder transfer;
|
||||
|
||||
allow servicemanager service_contexts_file:file r_file_perms;
|
||||
|
|
|
@ -11,7 +11,6 @@ type cgroup_desc_file, file_type, system_file_type;
|
|||
type cgroup_rc_file, file_type;
|
||||
type extra_apk_file, file_type;
|
||||
type file_contexts_file, file_type, system_file_type;
|
||||
type hwservice_contexts_file, file_type, system_file_type;
|
||||
type linkerconfig_file, file_type;
|
||||
type logd_socket, file_type, mlstrustedobject, coredomain_socket;
|
||||
type logdr_socket, file_type, mlstrustedobject, coredomain_socket;
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
type hwservicemanager, domain, mlstrustedsubject;
|
||||
type hwservicemanager_exec, file_type, exec_type, system_file_type;
|
|
@ -29,7 +29,6 @@ type dev_mnt_prop, property_type;
|
|||
type fingerprint_prop, property_type;
|
||||
type gsid_prop, property_type;
|
||||
type heapprofd_prop, property_type;
|
||||
type hwservicemanager_prop, property_type;
|
||||
type init_perf_lsm_hooks_prop, property_type;
|
||||
type init_service_status_private_prop, property_type;
|
||||
type init_service_status_prop, property_type;
|
||||
|
|
|
@ -39,9 +39,7 @@ userdebug_or_eng(`
|
|||
dontaudit su property_type:property_service *;
|
||||
dontaudit su property_type:file *;
|
||||
dontaudit su service_manager_type:service_manager *;
|
||||
dontaudit su hwservice_manager_type:hwservice_manager *;
|
||||
dontaudit su servicemanager:service_manager list;
|
||||
dontaudit su hwservicemanager:hwservice_manager list;
|
||||
dontaudit su domain:drmservice *;
|
||||
dontaudit su unlabeled:filesystem *;
|
||||
dontaudit su domain:bpf *;
|
||||
|
|
|
@ -2,16 +2,10 @@
|
|||
type adb_service, system_server_service, system_api_service, service_manager_type;
|
||||
type apex_service, service_manager_type;
|
||||
type authfs_binder_service, service_manager_type;
|
||||
type default_android_hwservice, hwservice_manager_type, protected_hwservice;
|
||||
type default_android_service, service_manager_type;
|
||||
type dice_maintenance_service, service_manager_type;
|
||||
type dice_node_service, service_manager_type;
|
||||
type hal_dice_service, protected_service, vendor_service, service_manager_type;
|
||||
type hidl_allocator_hwservice, hwservice_manager_type, coredomain_hwservice;
|
||||
type hidl_base_hwservice, hwservice_manager_type;
|
||||
type hidl_manager_hwservice, hwservice_manager_type, coredomain_hwservice;
|
||||
type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
|
||||
type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
|
||||
type service_manager_service, service_manager_type;
|
||||
type system_linker;
|
||||
type vm_payload_key;
|
||||
|
|