Disallow microdroid from running arbitrary domains

Test: atest MicrodroidHostTestCases Test: atest ComposHostTestCases Change-Id: I43bf09d85efa4276e929babd854c49ccedfd8058
2021-07-23 06:39:27 +00:00 · 2021-07-23 06:39:27 +00:00 · a89d6aa301
commit a89d6aa301
parent 7560aed40a
1 changed files with 4 additions and 9 deletions
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@ -15,12 +15,6 @@ allow microdroid_manager vd_device:blk_file r_file_perms;
 domain_auto_trans(microdroid_manager, microdroid_app_exec, microdroid_app)
 domain_auto_trans(microdroid_manager, compos_exec, compos)

-# Let microdroid_manager exec other files (e.g. payload command) in the same domain.
-# TODO(b/189706019) we need to a domain for the app process.
-allow microdroid_manager system_file:file execute_no_trans;
-# Until then, allow microdroid_manager to execute the shell or other system executables.
-allow microdroid_manager {shell_exec toolbox_exec}:file rx_file_perms;
-
 # Let microdroid_manager kernel-log.
 allow microdroid_manager kmsg_device:chr_file w_file_perms;

@ -28,11 +22,12 @@ allow microdroid_manager kmsg_device:chr_file w_file_perms;
 set_prop(microdroid_manager, vmsecret_keymint_prop);

 # Let microdroid_manager read a config file from /mnt/apk (fusefs)
-# TODO(b/188400186) remove the below two rules
+# TODO(b/188400186) remove the below rule
 userdebug_or_eng(`
-  allow microdroid_manager fuse:dir r_dir_perms;
-  allow microdroid_manager fuse:file rx_file_perms;
+  r_dir_file(microdroid_manager, fuse)
 ')

 # Let microdroid_manager to create a vsock connection back to the host VM
 allow microdroid_manager self:vsock_socket { create_socket_perms_no_ioctl };
+
+neverallow microdroid_manager { file_type fs_type }:file execute_no_trans;