Update binder-related policy.
The binder_transfer_binder hook was changed in the kernel, obsoleting the receive permission and changing the target of the transfer permission. Update the binder-related policy to match the revised permission checking. Change-Id: I1ed0dadfde2efa93296e967eb44ca1314cf28586 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
parent
1f5939a976
commit
9ce99e3908
8 changed files with 9 additions and 23 deletions
|
@ -871,7 +871,6 @@ class binder
|
|||
call
|
||||
set_context_mgr
|
||||
transfer
|
||||
receive
|
||||
}
|
||||
|
||||
class zygote
|
||||
|
|
2
app.te
2
app.te
|
@ -188,10 +188,8 @@ allow appdomain qtaguid_device:chr_file r_file_perms;
|
|||
binder_use(appdomain)
|
||||
# Perform binder IPC to binder services.
|
||||
binder_call(appdomain, binderservicedomain)
|
||||
binder_transfer(appdomain, binderservicedomain)
|
||||
# Perform binder IPC to other apps.
|
||||
binder_call(appdomain, appdomain)
|
||||
binder_transfer(appdomain, appdomain)
|
||||
|
||||
# Appdomain interaction with isolated apps
|
||||
r_dir_file(appdomain, isolated_app)
|
||||
|
|
|
@ -13,7 +13,6 @@ r_dir_file(mediaserver, sdcard)
|
|||
binder_use(mediaserver)
|
||||
binder_call(mediaserver, binderservicedomain)
|
||||
binder_call(mediaserver, appdomain)
|
||||
binder_transfer(mediaserver, surfaceflinger)
|
||||
binder_service(mediaserver)
|
||||
|
||||
allow mediaserver kernel:system module_request;
|
||||
|
|
|
@ -11,4 +11,4 @@ init_daemon_domain(servicemanager)
|
|||
# created by other domains. It never passes its own references
|
||||
# or initiates a Binder IPC.
|
||||
allow servicemanager self:binder set_context_mgr;
|
||||
allow servicemanager domain:binder { receive transfer };
|
||||
allow servicemanager domain:binder transfer;
|
||||
|
|
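Review bot: The comment introducing the changed rule still describes the previous transfer model — it speaks of references "created by other domains" and of servicemanager never passing "its own references" — while the new `allow servicemanager domain:binder transfer;` appears, per the revised te_macros comments in this commit ("transfer references to it", "transfer references to the client on the reply"), to be checked against the domain that receives the reference. A sentence should state what the target now means, e.g. `# transfer is checked against the domain receiving the reference, so servicemanager needs it towards every domain it hands a reference to.` That comment block opens above the hunk, so its first lines are not visible here.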
|
@ -12,6 +12,7 @@ unix_socket_connect(surfaceflinger, property, init)
|
|||
binder_use(surfaceflinger)
|
||||
binder_call(surfaceflinger, system)
|
||||
binder_service(surfaceflinger)
|
||||
allow surfaceflinger init:binder transfer;
|
||||
|
||||
# Access /dev/graphics/fb0.
|
||||
allow surfaceflinger graphics_device:dir search;
|
||||
|
|
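Review bot: The added `allow surfaceflinger init:binder transfer;` is the only binder rule in this file without a line saying what it is for, while the neighbouring binder grants in this commit are each introduced by a purpose comment (e.g. app.te's `# Perform binder IPC to binder services.`). Under the revised semantics described in the te_macros hunk this lets surfaceflinger hand Binder references to init, so the interaction that requires it deserves naming: `# Transfer Binder references to init: <which call path — confirm>.` The binder_transfer macro the rest of the policy used for such rules looks to be dropped in the te_macros hunk, which presumably is why a raw allow rule is written here; if so, a brief remark would save the next reader from reaching for the macro.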
|
@ -8,7 +8,6 @@ app_domain(system_app)
|
|||
|
||||
# Perform binder IPC to any app domain.
|
||||
binder_call(system_app, appdomain)
|
||||
binder_transfer(system_app, appdomain)
|
||||
|
||||
# Read and write system data files.
|
||||
# May want to split into separate types.
|
||||
|
@ -121,9 +120,6 @@ binder_use(system)
|
|||
binder_call(system, binderservicedomain)
|
||||
binder_call(system, appdomain)
|
||||
binder_service(system)
|
||||
# Transfer other Binder references.
|
||||
binder_transfer(system, binderservicedomain)
|
||||
binder_transfer(system, appdomain)
|
||||
|
||||
# Read /proc/pid files for Binder clients.
|
||||
r_dir_file(system, appdomain)
|
||||
|
|
19
te_macros
19
te_macros
|
@ -152,10 +152,8 @@ allow $1 $3:unix_dgram_socket sendto;
|
|||
# binder_use(domain)
|
||||
# Allow domain to use Binder IPC.
|
||||
define(`binder_use', `
|
||||
# Get Binder references from the servicemanager.
|
||||
allow $1 servicemanager:binder call;
|
||||
# Transfer and receive own Binder references.
|
||||
allow $1 self:binder { transfer receive };
|
||||
# Call the servicemanager and transfer references to it.
|
||||
allow $1 servicemanager:binder { call transfer };
|
||||
# Map /dev/ashmem with PROT_EXEC.
|
||||
allow $1 ashmem_device:chr_file execute;
|
||||
# rw access to /dev/binder and /dev/ashmem is presently granted to
|
||||
|
@ -166,19 +164,14 @@ allow $1 ashmem_device:chr_file execute;
|
|||
# binder_call(clientdomain, serverdomain)
|
||||
# Allow clientdomain to perform binder IPC to serverdomain.
|
||||
define(`binder_call', `
|
||||
# First we receive a Binder ref to the server, then we call it.
|
||||
allow $1 $2:binder { receive call };
|
||||
# Call the server domain and optionally transfer references to it.
|
||||
allow $1 $2:binder { call transfer };
|
||||
# Allow the serverdomain to transfer references to the client on the reply.
|
||||
allow $2 $1:binder transfer;
|
||||
# Receive and use open files from the server.
|
||||
allow $1 $2:fd use;
|
||||
')
|
||||
|
||||
#####################################
|
||||
# binder_transfer(clientdomain, serverdomain)
|
||||
# Allow clientdomain to transfer Binder references created by serverdomain.
|
||||
define(`binder_transfer', `
|
||||
allow $1 $2:binder transfer;
|
||||
')
|
||||
|
||||
#####################################
|
||||
# binder_service(domain)
|
||||
# Mark a domain as being a Binder service domain.
|
||||
|
|
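Review bot: The header comment `# Allow clientdomain to perform binder IPC to serverdomain.` above binder_call no longer covers what the macro grants: the new `allow $2 $1:binder transfer;` gives the server domain a permission on the client domain, so every binder_call(a, b) in the policy now also widens b's rights towards a. The header should say so, e.g. `# Allow clientdomain to perform binder IPC to serverdomain, and serverdomain to transfer Binder references back to clientdomain on the reply.` Judging by the hunk counts (9 deletions, 4 additions), the binder_transfer macro appears to be removed entirely in this hunk; if that is intended, saying so in the commit message would help, since servicemanager.te and surfaceflinger.te now spell the equivalent rule out by hand. The first hunk's binder_use change is consistent with the new model and needs no separate note.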
|
@ -20,5 +20,5 @@ allow unconfineddomain netif_type:netif *;
|
|||
allow unconfineddomain port_type:socket_class_set name_bind;
|
||||
allow unconfineddomain port_type:{ tcp_socket dccp_socket } name_connect;
|
||||
allow unconfineddomain domain:peer recv;
|
||||
allow unconfineddomain domain:binder { call transfer receive };
|
||||
allow unconfineddomain domain:binder { call transfer };
|
||||
allow unconfineddomain property_type:property_service set;
|
||||
|
|