Finer grained permissions for ctl. properties
Currently, permissions for ctl. property apply to each action verb, so
if a domain has permissions for controlling service 'foo', then it can
start, stop, and restart foo.
This change implements finer grained permissions such that permission
can be given to strictly start a given service, but not stop or
restart it. This new permission scheme is mandatory for the new
control functions, sigstop_on, sigstop_off, interface_start,
interface_stop, interface_restart.
Bug: 78511553
Test: see appropriate successes and failures based on permissions
Merged-In: Ibe0cc0d6028fb0ed7d6bcba626721e0d84cc20fa
Change-Id: Ibe0cc0d6028fb0ed7d6bcba626721e0d84cc20fa
(cherry picked from commit 2208f96e9e
)
parent
98f83b67cc
commit
7b8be35ddf
8 changed files with 50 additions and 5 deletions
|
@ -102,7 +102,7 @@
|
||||||
(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
|
(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
|
||||||
(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
|
(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
|
||||||
(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
|
(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
|
||||||
(typeattributeset ctl_default_prop_26_0 (ctl_default_prop))
|
(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop))
|
||||||
(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
|
(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
|
||||||
(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
|
(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
|
||||||
(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
|
(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
|
||||||
|
|
|
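Review bot: Expanding ctl_default_prop_26_0 to ctl_start_prop, ctl_stop_prop and ctl_restart_prop means any vendor domain written against the 26.0 policy that held the old blanket ctl permission keeps start, stop and restart on every service, so the finer-grained scheme only constrains domains on the current policy version; the `@ -118,7 +118,7 @@` and `@ -823,7 +823,7 @@` hunks make the same mapping for the second 26.0 file and for 27.0. That is presumably the intended compatibility behaviour, but nothing in the mapping files records it for the next person who audits what legacy vendor domains can do. Suggest a one-line CIL comment above each changed mapping, e.g. `; pre-finer-grained policy used ctl_default_prop for every verb, so it must map to all three verb types`.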
@ -118,7 +118,7 @@
|
||||||
(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
|
(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
|
||||||
(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
|
(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
|
||||||
(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
|
(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
|
||||||
(typeattributeset ctl_default_prop_26_0 (ctl_default_prop))
|
(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop))
|
||||||
(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
|
(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
|
||||||
(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
|
(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
|
||||||
(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
|
(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
|
||||||
|
|
|
@ -17,6 +17,10 @@
|
||||||
broadcastradio_service
|
broadcastradio_service
|
||||||
cgroup_bpf
|
cgroup_bpf
|
||||||
crossprofileapps_service
|
crossprofileapps_service
|
||||||
|
ctl_interface_restart_prop
|
||||||
|
ctl_interface_start_prop
|
||||||
|
ctl_interface_stop_prop
|
||||||
|
ctl_sigstop_prop
|
||||||
e2fs
|
e2fs
|
||||||
e2fs_exec
|
e2fs_exec
|
||||||
exfat
|
exfat
|
||||||
|
|
|
@ -823,7 +823,7 @@
|
||||||
(typeattributeset ctl_bootanim_prop_27_0 (ctl_bootanim_prop))
|
(typeattributeset ctl_bootanim_prop_27_0 (ctl_bootanim_prop))
|
||||||
(typeattributeset ctl_bugreport_prop_27_0 (ctl_bugreport_prop))
|
(typeattributeset ctl_bugreport_prop_27_0 (ctl_bugreport_prop))
|
||||||
(typeattributeset ctl_console_prop_27_0 (ctl_console_prop))
|
(typeattributeset ctl_console_prop_27_0 (ctl_console_prop))
|
||||||
(typeattributeset ctl_default_prop_27_0 (ctl_default_prop))
|
(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop))
|
||||||
(typeattributeset ctl_dumpstate_prop_27_0 (ctl_dumpstate_prop))
|
(typeattributeset ctl_dumpstate_prop_27_0 (ctl_dumpstate_prop))
|
||||||
(typeattributeset ctl_fuse_prop_27_0 (ctl_fuse_prop))
|
(typeattributeset ctl_fuse_prop_27_0 (ctl_fuse_prop))
|
||||||
(typeattributeset ctl_mdnsd_prop_27_0 (ctl_mdnsd_prop))
|
(typeattributeset ctl_mdnsd_prop_27_0 (ctl_mdnsd_prop))
|
||||||
|
|
|
@ -15,6 +15,10 @@
|
||||||
bpfloader_exec
|
bpfloader_exec
|
||||||
cgroup_bpf
|
cgroup_bpf
|
||||||
crossprofileapps_service
|
crossprofileapps_service
|
||||||
|
ctl_interface_restart_prop
|
||||||
|
ctl_interface_start_prop
|
||||||
|
ctl_interface_stop_prop
|
||||||
|
ctl_sigstop_prop
|
||||||
exfat
|
exfat
|
||||||
exported2_config_prop
|
exported2_config_prop
|
||||||
exported2_default_prop
|
exported2_default_prop
|
||||||
|
|
|
@ -5,5 +5,4 @@ init_daemon_domain(hwservicemanager)
|
||||||
add_hwservice(hwservicemanager, hidl_manager_hwservice)
|
add_hwservice(hwservicemanager, hidl_manager_hwservice)
|
||||||
add_hwservice(hwservicemanager, hidl_token_hwservice)
|
add_hwservice(hwservicemanager, hidl_token_hwservice)
|
||||||
|
|
||||||
set_prop(hwservicemanager, ctl_default_prop)
|
set_prop(hwservicemanager, ctl_interface_start_prop)
|
||||||
set_prop(hwservicemanager, ctl_dumpstate_prop)
|
|
||||||
|
|
|
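Review bot: Dropping `set_prop(hwservicemanager, ctl_dumpstate_prop)` is a permission removal that the commit message does not mention, and unlike the ctl_default_prop line it is not replaced by a finer-grained equivalent. As far as this commit shows, the new `dontaudit domain { … ctl_dumpstate_prop … }:property_service set` rule in the property.te hunk would keep any resulting denial out of the audit log, so if hwservicemanager still sets `ctl.dumpstate` the regression would be silent. Worth confirming the removal is intentional and saying so in the description, or keeping the line; a short comment next to the remaining `set_prop` stating which control property hwservicemanager actually uses would also help, e.g. `# hwservicemanager only needs to start lazy HAL interfaces (ctl.interface_start$<name>)` if that is the case.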
@ -104,6 +104,16 @@ ctl.bugreport u:object_r:ctl_bugreport_prop:s0
|
||||||
ctl.console u:object_r:ctl_console_prop:s0
|
ctl.console u:object_r:ctl_console_prop:s0
|
||||||
ctl. u:object_r:ctl_default_prop:s0
|
ctl. u:object_r:ctl_default_prop:s0
|
||||||
|
|
||||||
|
# Don't allow blind access to all services
|
||||||
|
ctl.sigstop_on$ u:object_r:ctl_sigstop_prop:s0
|
||||||
|
ctl.sigstop_off$ u:object_r:ctl_sigstop_prop:s0
|
||||||
|
ctl.start$ u:object_r:ctl_start_prop:s0
|
||||||
|
ctl.stop$ u:object_r:ctl_stop_prop:s0
|
||||||
|
ctl.restart$ u:object_r:ctl_restart_prop:s0
|
||||||
|
ctl.interface_start$ u:object_r:ctl_interface_start_prop:s0
|
||||||
|
ctl.interface_stop$ u:object_r:ctl_interface_stop_prop:s0
|
||||||
|
ctl.interface_restart$ u:object_r:ctl_interface_restart_prop:s0
|
||||||
|
|
||||||
# NFC properties
|
# NFC properties
|
||||||
nfc. u:object_r:nfc_prop:s0
|
nfc. u:object_r:nfc_prop:s0
|
||||||
|
|
||||||
|
|
|
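Review bot: The new entries are prefix matches on `ctl.start$`, `ctl.stop$` and `ctl.restart$`, so a domain granted ctl_start_prop can still start every service; the per-service restriction the description promises only materialises once a longer, service-specific entry is added (a constructed example: `ctl.start$<service> u:object_r:<service>_start_prop:s0`), and nothing in this hunk says so. The comment `# Don't allow blind access to all services` sits directly above entries that grant exactly that to any holder of the verb type, which reads as misleading. I would replace it with something like `# ctl.<verb>$<service>: these verb-wide types grant the verb on every service; add a longer per-service entry below to restrict a domain to one service` — property_contexts lookup appears to prefer the longest matching prefix, but please confirm that before relying on the ordering.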
@ -11,8 +11,15 @@ type ctl_console_prop, property_type;
|
||||||
type ctl_default_prop, property_type;
|
type ctl_default_prop, property_type;
|
||||||
type ctl_dumpstate_prop, property_type;
|
type ctl_dumpstate_prop, property_type;
|
||||||
type ctl_fuse_prop, property_type;
|
type ctl_fuse_prop, property_type;
|
||||||
|
type ctl_interface_restart_prop, property_type;
|
||||||
|
type ctl_interface_start_prop, property_type;
|
||||||
|
type ctl_interface_stop_prop, property_type;
|
||||||
type ctl_mdnsd_prop, property_type;
|
type ctl_mdnsd_prop, property_type;
|
||||||
|
type ctl_restart_prop, property_type;
|
||||||
type ctl_rildaemon_prop, property_type;
|
type ctl_rildaemon_prop, property_type;
|
||||||
|
type ctl_sigstop_prop, property_type;
|
||||||
|
type ctl_start_prop, property_type;
|
||||||
|
type ctl_stop_prop, property_type;
|
||||||
type dalvik_prop, property_type, core_property_type;
|
type dalvik_prop, property_type, core_property_type;
|
||||||
type debuggerd_prop, property_type, core_property_type;
|
type debuggerd_prop, property_type, core_property_type;
|
||||||
type debug_prop, property_type, core_property_type;
|
type debug_prop, property_type, core_property_type;
|
||||||
|
@ -123,6 +130,27 @@ neverallow * {
|
||||||
-vold_prop
|
-vold_prop
|
||||||
}:file no_rw_file_perms;
|
}:file no_rw_file_perms;
|
||||||
|
|
||||||
|
# sigstop property is only used for debugging; should only be set by su which is permissive
|
||||||
|
# for userdebug/eng
|
||||||
|
neverallow {
|
||||||
|
domain
|
||||||
|
-init
|
||||||
|
-vendor_init
|
||||||
|
} ctl_sigstop_prop:property_service set;
|
||||||
|
|
||||||
|
# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
|
||||||
|
# in the audit log
|
||||||
|
dontaudit domain {
|
||||||
|
ctl_bootanim_prop
|
||||||
|
ctl_bugreport_prop
|
||||||
|
ctl_console_prop
|
||||||
|
ctl_default_prop
|
||||||
|
ctl_dumpstate_prop
|
||||||
|
ctl_fuse_prop
|
||||||
|
ctl_mdnsd_prop
|
||||||
|
ctl_rildaemon_prop
|
||||||
|
}:property_service set;
|
||||||
|
|
||||||
compatible_property_only(`
|
compatible_property_only(`
|
||||||
# Prevent properties from being set
|
# Prevent properties from being set
|
||||||
neverallow {
|
neverallow {
|
||||||
|
|
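Review bot: The new neverallow on ctl_sigstop_prop exempts `-vendor_init` even though the comment immediately above it says the property should only be set by su on userdebug/eng builds; either vendor_init is meant to be able to set it, in which case the comment should say why, or the exemption should be dropped so the assertion matches the stated intent. The blanket `dontaudit domain { … }:property_service set` over the legacy ctl types also silences every denial on those types for every domain, which is only safe if init keeps enforcing the new verb type alongside the legacy type, as the description implies; I would make that assumption explicit in the comment, e.g. `# init checks both the legacy ctl.<service> type and the new ctl.<verb>$<service> type; only the second check is audited, so a missing allow still surfaces as a denial on the verb type`. The `compatible_property_only` block that begins at the end of this hunk continues outside it.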