SEPolicy: dontaudit attempts to create marker files.

Binaries other than boringssl_self_test_exec are not allowed
to create marker files /dev/boringssl/selftest/[hash].

Right now, some processes still attempt to because:
 - Some binaries run so early during early-init that
   boringssl_self_test{32,64} hasn't had a chance to
   run yet, so the marker file doesn't exist yet, so
   the unprivileged process attempts to create it.
 - Some binaries statically link libcrypto so their
   [hash] is different from that used by
   boringssl_self_test{32,64}.

There's some ongoing work to stop those binaries even
attempting to create the marker files but it's not a
big deal if they do. Similarly, there is ongoing work
to minimize or eliminate static linking of this library.

For now, this CL turns off audit logs for this behavior
since it is harmless (a cosmetic issue) and in order to
not hold up the bulk of the logic being submitted.

Bug: 137267623
Test: Treehugger

Change-Id: I3de664c5959efd130f761764fe63515795ea9b98
Tobias Thierer 2019-09-11 19:11:46 +01:00
parent ff8cd0bee9
commit a9b718a1ed

@ -18,3 +18,21 @@ neverallow {
-init
-vendor_init
} boringssl_self_test_marker:file no_rw_file_perms;
neverallow {
domain
-boringssl_self_test
-init
-vendor_init
} boringssl_self_test_marker:dir write;
# If those other processes attempt to create the marker files
# (which starts with :dir write), that's not a big deal.
# Don't log about it.
dontaudit {
domain
-boringssl_self_test
-init
-vendor_init
} boringssl_self_test_marker:dir write;
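
Review bot: the three-line comment above the `dontaudit` block does not record that this suppression is temporary, although the commit message describes it as a "for now" measure tracked under Bug: 137267623. Suggest adding a line such as `# TODO(b/137267623): remove once binaries stop attempting to create marker files.` so the rule is revisited when that work lands. The rule also applies to every domain except `boringssl_self_test`, `init` and `vendor_init`, so it silences the `:dir write` denial for any unexpected writer to the marker directory too, not only the early-init and statically linked cases; the comment should state that this loss of audit visibility is accepted.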