From feae69915277a13372d0044fb7b555f71f0f7d1f Mon Sep 17 00:00:00 2001
From: Inseob Kim
Date: Wed, 26 Jan 2022 08:45:17 +0900
Subject: [PATCH] Move mtectrl to private
Because mtectrl is a system internal domain, and we don't need to expose the type to vendor.
Bug: 206895651
Test: build and boot
Change-Id: Idb5c4a4c6f175e338722971944bf08ba99835476
Merged-In: Idb5c4a4c6f175e338722971944bf08ba99835476
---
 private/compat/30.0/30.0.ignore.cil | 1 -
 private/domain.te | 20 ++++++++++++++++++++
 private/mtectrl.te | 1 +
 public/domain.te | 20 --------------------
 public/mtectrl.te | 1 -
 5 files changed, 21 insertions(+), 22 deletions(-)
 delete mode 100644 public/mtectrl.te
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index dd8cc7f6d..0c36aed13 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -86,7 +86,6 @@
 memtrackproxy_service
 mm_events_config_prop
 music_recognition_service
- mtectrl
 nfc_logs_data_file
 odrefresh
 odrefresh_exec
diff --git a/private/domain.te b/private/domain.te
index b91d36d85..ad8beccc9 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -112,6 +112,26 @@ allow domain linkerconfig_file:file r_file_perms;
 # Allow all processes to check for the existence of the boringssl_self_test_marker files.
 allow domain boringssl_self_test_marker:dir search;
+# No domains other than a select few can access the misc_block_device. This
+# block device is reserved for OTA use.
+# Do not assert this rule on userdebug/eng builds, due to some devices using
+# this partition for testing purposes.
+neverallow {
+ domain
+ userdebug_or_eng(`-domain') # exclude debuggable builds
+ -fastbootd
+ -hal_bootctl_server
+ -init
+ -uncrypt
+ -update_engine
+ -vendor_init
+ -vendor_misc_writer
+ -vold
+ -recovery
+ -ueventd
+ -mtectrl
+} misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
+
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
 # with other UIDs to these allowlisted domains.
 neverallow {
diff --git a/private/mtectrl.te b/private/mtectrl.te
index a89edda03..436dcae55 100644
--- a/private/mtectrl.te
+++ b/private/mtectrl.te
@@ -1,4 +1,5 @@
 # mtectrl is a tool to request MTE (Memory Tagging Extensions) from the bootloader.
+type mtectrl, domain, coredomain;
 type mtectrl_exec, system_file_type, exec_type, file_type;
 init_daemon_domain(mtectrl)
diff --git a/public/domain.te b/public/domain.te
index 5c7c18cce..9d0c46d4d 100644
--- a/public/domain.te
+++ b/public/domain.te
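Review bot: The exclusion list of the moved neverallow in private/domain.te gives no rationale for the entries that are not part of the OTA path the header comment describes (`-vold`, `-ueventd`, `-mtectrl`), and `-mtectrl` is the very reason the rule now has to live in private policy, since the type is no longer declared in public/mtectrl.te. A per-entry comment would keep the exemption auditable, e.g. `-mtectrl # private coredomain (private/mtectrl.te); needs misc access to request MTE from the bootloader - confirm`. The list is also unsorted (`-vold -recovery -ueventd -mtectrl` trail the vendor_* entries); ordering it alphabetically or grouping by purpose would make future exemptions easier to review. The same text is what the next file section deletes from public/domain.te, so the comment belongs only here.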
@@ -610,26 +610,6 @@ neverallow {
 -update_engine
 } system_block_device:blk_file { write append };
-# No domains other than a select few can access the misc_block_device. This
-# block device is reserved for OTA use.
-# Do not assert this rule on userdebug/eng builds, due to some devices using
-# this partition for testing purposes.
-neverallow {
- domain
- userdebug_or_eng(`-domain') # exclude debuggable builds
- -fastbootd
- -hal_bootctl_server
- -init
- -uncrypt
- -update_engine
- -vendor_init
- -vendor_misc_writer
- -vold
- -recovery
- -ueventd
- -mtectrl
-} misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
-
 # Only (hw|vnd|)servicemanager should be able to register with binder as the context manager
 neverallow { domain -servicemanager -hwservicemanager -vndservicemanager } *:binder set_context_mgr;
 # The service managers are only allowed to access their own device node
diff --git a/public/mtectrl.te b/public/mtectrl.te
deleted file mode 100644
index 2fb8a960c..000000000
--- a/public/mtectrl.te
+++ /dev/null
@@ -1 +0,0 @@
-type mtectrl, domain, coredomain;