Allow bootstrap bionic only to init, ueventd, and apexd
The bootstrap bionic libraries (/system/lib/bootstrap/*) are only for the early
processes that are executed before the bionic libraries become available
via the runtime APEX. Allowing them to other processes is not needed and
sometimes causes problems like b/123183824.
Bug: 123183824
Test: device boots to the UI
Test: atest CtsJniTestCases:android.jni.cts.JniStaticTest#test_linker_namespaces
Merged-In: Id7bba2e8ed1c9faf6aa85dbbdd89add04826b160
Change-Id: Id7bba2e8ed1c9faf6aa85dbbdd89add04826b160
(cherry picked from commit a0f998e6de
)
parent
c7a3140398
commit
972d4b6473
10 changed files with 32 additions and 0 deletions
@ -93,6 +93,10 @@ allow apexd rootfs:dir mounton;
# rule is required, thus restricted to execute and not execute_no_trans.
allow apexd shell_exec:file { r_file_perms execute };
# apexd is using bootstrap bionic
allow apexd system_bootstrap_lib_file:dir r_dir_perms;
allow apexd system_bootstrap_lib_file:file { execute read open getattr map };
# Allow transition to ART APEX preinstall domain.
domain_auto_trans(apexd, art_apex_preinstall_exec, art_apex_preinstall)
# Allow transition to ART APEX postinstall domain.
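Review bot: The pair `allow apexd system_bootstrap_lib_file:dir r_dir_perms;` / `allow apexd system_bootstrap_lib_file:file { execute read open getattr map };` is repeated verbatim for init, ueventd and vendor_init in the later hunks, so the bootstrap permission set now lives in four files and any future adjustment to it (adding `ioctl` or `lock`, say) has to be made four times and can drift. A single macro in te_macros.te, or an attribute carrying the two allow rules once (a constructed name such as `bootstrap_bionic_domain`, to be chosen by the author), would reduce each domain file to one line. The comment `# apexd is using bootstrap bionic` would also help a reader more if it said why `map` and `execute` are both needed; presumably the linker mmaps these libraries executable, which should be confirmed and then stated, e.g. `# apexd is using bootstrap bionic; libs are mmap'ed executable, hence execute+map`.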
@ -160,6 +160,7 @@
super_block_device
sysfs_fs_ext4_features
system_boot_reason_prop
system_bootstrap_lib_file
system_lmk_prop
system_net_netd_hwservice
system_update_service
@ -146,6 +146,7 @@
super_block_device
staging_data_file
system_boot_reason_prop
system_bootstrap_lib_file
system_lmk_prop
system_update_service
test_boot_reason_prop
@ -121,6 +121,7 @@
su_tmpfs
super_block_device
sysfs_fs_f2fs
system_bootstrap_lib_file
system_event_log_tags_file
system_lmk_prop
system_suspend_hwservice
@ -180,6 +180,7 @@
#
/system(/.*)? u:object_r:system_file:s0
/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
/system/bin/atrace u:object_r:atrace_exec:s0
/system/bin/ashmemd u:object_r:ashmemd_exec:s0
/system/bin/auditctl u:object_r:auditctl_exec:s0
@ -582,3 +582,13 @@ neverallow appdomain proc_uid_cpupower:file *;
# application boundary. VPN apps may use the ConnectivityManager.getConnectionOwnerUid() API to
# perform UID lookups.
neverallow { appdomain -shell } proc_net_tcp_udp:file *;
# Apps cannot access bootstrap files. The bootstrap files are only for
# extremely early processes (like init, etc.) which are started before
# the runtime APEX is activated and Bionic libs are provided from there.
# If app process accesses (or even load/execute) the bootstrap files,
# it might cause problems such as ODR violation, etc.
neverallow appdomain system_bootstrap_lib_file:file
{ open read write append execute execute_no_trans map };
neverallow appdomain system_bootstrap_lib_file:dir
{ open read getattr search };
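Review bot: The file neverallow lists `{ open read write append execute execute_no_trans map }` while the dir neverallow includes `getattr`, so a later allow rule could still grant an app `getattr` (or `ioctl`, `lock`) on the bootstrap libraries without tripping either neverallow. If the comment's intent — apps cannot access bootstrap files at all — is literal, the two rules should follow the `proc_net_tcp_udp` line just above and use the wildcard: `neverallow appdomain system_bootstrap_lib_file:file *;` and `neverallow appdomain system_bootstrap_lib_file:dir *;`. If `getattr` is deliberately left out of the file rule, the comment should say why so the asymmetry is not "fixed" later. Neither rule mentions `lnk_file`, so a symlink carrying this label would not be covered; whether any exist under /system/lib[64]/bootstrap cannot be told from this hunk.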
@ -148,6 +148,8 @@ type system_asan_options_file, system_file_type, file_type;
type system_event_log_tags_file, system_file_type, file_type;
# Default type for anything under /system/lib[64].
type system_lib_file, system_file_type, file_type;
# system libraries that are available only to bootstrap processes
type system_bootstrap_lib_file, system_file_type, file_type;
# Default type for linker executable /system/bin/linker[64].
type system_linker_exec, system_file_type, file_type;
# Default type for linker config /system/etc/ld.config.*.
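Review bot: The comment on the new type, `# system libraries that are available only to bootstrap processes`, breaks the pattern of its neighbours, which name the path each type labels (`# Default type for anything under /system/lib[64].`), so a reader of file.te cannot tell which directory this type covers or why it is carved out of system_lib_file without opening file_contexts. Suggest `# Type for /system/lib[64]/bootstrap: bionic libraries used only by processes that start before the runtime APEX is activated.`, which also records the reason the type exists in the place where it is declared.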
@ -558,6 +558,10 @@ allow init apexd:binder call;
# Allow init to touch PSI monitors
allow init proc_pressure_mem:file { rw_file_perms setattr };
# init is using bootstrap bionic
allow init system_bootstrap_lib_file:dir r_dir_perms;
allow init system_bootstrap_lib_file:file { execute read open getattr map };
###
### neverallow rules
###
@ -55,6 +55,10 @@ allow ueventd self:global_capability_class_set sys_module;
allow ueventd vendor_file:system module_load;
allow ueventd kernel:key search;
# ueventd is using bootstrap bionic
allow ueventd system_bootstrap_lib_file:dir r_dir_perms;
allow ueventd system_bootstrap_lib_file:file { execute read open getattr map };
#####
##### neverallow rules
#####
@ -180,6 +180,10 @@ allow vendor_init self:global_capability_class_set sys_admin;
# Raw writes to misc block device
allow vendor_init misc_block_device:blk_file w_file_perms;
# vendor_init is using bootstrap bionic
allow vendor_init system_bootstrap_lib_file:dir r_dir_perms;
allow vendor_init system_bootstrap_lib_file:file { execute read open getattr map };
# Everything is labeled as rootfs in recovery mode. Vendor init has to execute
# the dynamic linker and shared libraries.
recovery_only(`
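Review bot: The commit title and description say the bootstrap bionic is allowed only to init, ueventd and apexd, yet this hunk grants the identical access to vendor_init and nothing explains why it belongs in that set. Presumably vendor_init is forked by init before the runtime APEX is activated and so runs against the same libraries, but that is an assumption to confirm, and once confirmed it should be written down where the rule is, e.g. `# vendor_init is using bootstrap bionic (started by init before the runtime APEX is activated)`, and the title should list vendor_init as well. Otherwise the next person auditing which domains may map these libraries will see four consumers where the message promises three. The `recovery_only(` block on the last line of the hunk continues outside it.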