SELinux changes for the hasSystemFeature() binder cache property.

am: bafd0c762a Change-Id: I6970d9544db5fb7ef8b5fd449ae8ea523fe5d75e
2020-01-13 14:04:27 -08:00 · 2020-01-13 14:04:27 -08:00 · 97ad022d1d
commit 97ad022d1d
parent 0b23084b9b bafd0c762a
6 changed files with 17 additions and 0 deletions
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@ -15,6 +15,7 @@
    auth_service
    ashmem_libcutils_device
    blob_store_service
+    binder_cache_system_server_prop
    binderfs
    binderfs_logs
    binderfs_logs_proc
--- a/private/system_server.te
+++ b/private/system_server.te
@ -1090,3 +1090,8 @@ neverallow {
  -system_server
 } password_slot_metadata_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -init -system_server } password_slot_metadata_file:notdevfile_class_set *;
+
+# Allow systemserver to read/write the invalidation property
+set_prop(system_server, binder_cache_system_server_prop)
+neverallow { domain -system_server -init }
+    binder_cache_system_server_prop:property_service set;
--- a/public/domain.te
+++ b/public/domain.te
@ -107,6 +107,9 @@ get_prop(domain, exported2_default_prop)
 get_prop(domain, logd_prop)
 get_prop(domain, vndk_prop)

+# Allow every to read binder cache properties
+get_prop(domain, binder_cache_system_server_prop)
+
 # Let everyone read log properties, so that liblog can avoid sending unloggable
 # messages to logd.
 get_prop(domain, log_property_type)
--- a/public/property.te
+++ b/public/property.te
@ -149,6 +149,9 @@ system_public_prop(vendor_security_patch_level_prop)
 system_public_prop(wifi_log_prop)
 system_public_prop(wifi_prop)

+# Properties used by binder caches
+system_public_prop(binder_cache_system_server_prop)
+
 # Properties which are public for devices launching with Android O or earlier
 # This should not be used for any new properties.
 not_compatible_property(`
@ -555,6 +558,7 @@ compatible_property_only(`
    -bluetooth_a2dp_offload_prop
    -bluetooth_audio_hal_prop
    -bluetooth_prop
+    -binder_cache_system_server_prop
    -bootloader_boot_reason_prop
    -boottime_prop
    -bpf_progs_loaded_prop
--- a/public/property_contexts
+++ b/public/property_contexts
@ -439,3 +439,6 @@ ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0
 ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
 ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
 ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
+
+# Binder cache properties.  These are world-readable
+binder.cache_key.has_system_feature      u:object_r:binder_cache_system_server_prop:s0
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@ -198,6 +198,7 @@ recovery_only(`
 not_compatible_property(`
    set_prop(vendor_init, {
      property_type
+      -binder_cache_system_server_prop
      -device_config_activity_manager_native_boot_prop
      -device_config_boot_count_prop
      -device_config_reset_performed_prop