Merge changes Icdf207c5,I20aa48ef am: 30a06d278f
am: 169bfcfe88
am: 99f2860521
am: 4a474dc430
Change-Id: I358be00c77b2d7b7596151d43f98483018ba987f
This commit is contained in:
commit
bc0374bdc4
4 changed files with 27 additions and 48 deletions
|
@ -250,6 +250,11 @@ neverallow all_untrusted_apps {
|
|||
-untrusted_app_visible_hwservice_violators
|
||||
}:hwservice_manager find;
|
||||
|
||||
neverallow all_untrusted_apps {
|
||||
vendor_service
|
||||
vintf_service
|
||||
}:service_manager find;
|
||||
|
||||
# SELinux is not an API for untrusted apps to use
|
||||
neverallow all_untrusted_apps selinuxfs:file no_rw_file_perms;
|
||||
|
||||
|
|
|
@ -98,6 +98,12 @@ attribute ephemeral_app_api_service;
|
|||
# services which export only system_api
|
||||
attribute system_api_service;
|
||||
|
||||
# services which should only be available to vendor
|
||||
attribute vendor_service;
|
||||
|
||||
# services which should be available system<->vendor
|
||||
attribute vintf_service;
|
||||
|
||||
# All types used for services managed by servicemanager.
|
||||
# On change, update CHECK_SC_ASSERT_ATTRS
|
||||
# definition in tools/checkfc.c.
|
||||
|
|
|
@ -88,15 +88,9 @@ allow domain ashmem_server:fd use;
|
|||
allow { domain -coredomain -appdomain } system_ashmem_hwservice:hwservice_manager find;
|
||||
allow { domain -coredomain -appdomain } ashmem_server: binder call;
|
||||
|
||||
# /dev/binder can be accessed by non-vendor domains and by apps
|
||||
allow {
|
||||
coredomain
|
||||
appdomain
|
||||
binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
|
||||
-hwservicemanager
|
||||
} binder_device:chr_file rw_file_perms;
|
||||
# Devices which are not full TREBLE have fewer restrictions on access to /dev/binder
|
||||
not_full_treble(`allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;')
|
||||
# /dev/binder can be accessed by ... everyone! :)
|
||||
allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;
|
||||
|
||||
allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_perms;
|
||||
allow domain ptmx_device:chr_file rw_file_perms;
|
||||
allow domain random_device:chr_file rw_file_perms;
|
||||
|
@ -630,30 +624,21 @@ neverallow hwservicemanager vndbinder_device:chr_file no_rw_file_perms;
|
|||
neverallow vndservicemanager binder_device:chr_file no_rw_file_perms;
|
||||
neverallow vndservicemanager hwbinder_device:chr_file no_rw_file_perms;
|
||||
|
||||
# On full TREBLE devices, only core components and apps can use Binder and servicemanager. Non-core
|
||||
# domain apps need this because Android framework offers many of its services to apps as Binder
|
||||
# services.
|
||||
full_treble_only(`
|
||||
neverallow {
|
||||
domain
|
||||
-coredomain
|
||||
-appdomain
|
||||
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
|
||||
} binder_device:chr_file rw_file_perms;
|
||||
')
|
||||
# system services cant add vendor services
|
||||
neverallow {
|
||||
coredomain
|
||||
} vendor_service:service_manager add;
|
||||
|
||||
# libcutils can probe for /dev/binder permissions with access(). Ignore
|
||||
# generated denials. See b/129073672 for details.
|
||||
dontaudit domain binder_device:chr_file audit_access;
|
||||
# vendor services cant add system services
|
||||
neverallow {
|
||||
domain
|
||||
-coredomain
|
||||
} {
|
||||
service_manager_type
|
||||
-vendor_service
|
||||
-vintf_service
|
||||
}:service_manager add;
|
||||
|
||||
full_treble_only(`
|
||||
neverallow {
|
||||
domain
|
||||
-coredomain
|
||||
-appdomain # restrictions for vendor apps are declared lower down
|
||||
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
|
||||
} service_manager_type:service_manager find;
|
||||
')
|
||||
full_treble_only(`
|
||||
# Vendor apps are permited to use only stable public services. If they were to use arbitrary
|
||||
# services which can change any time framework/core is updated, breakage is likely.
|
||||
|
@ -679,14 +664,6 @@ full_treble_only(`
|
|||
-vr_manager_service
|
||||
}:service_manager find;
|
||||
')
|
||||
full_treble_only(`
|
||||
neverallow {
|
||||
domain
|
||||
-coredomain
|
||||
-appdomain
|
||||
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
|
||||
} servicemanager:binder { call transfer };
|
||||
')
|
||||
|
||||
# On full TREBLE devices, only vendor components, shell, and su can use VendorBinder.
|
||||
full_treble_only(`
|
||||
|
|
9
vendor/mediacodec.te
vendored
9
vendor/mediacodec.te
vendored
|
@ -3,15 +3,6 @@ type mediacodec_exec, exec_type, vendor_file_type, file_type;
|
|||
|
||||
init_daemon_domain(mediacodec)
|
||||
|
||||
not_full_treble(`
|
||||
# on legacy devices, continue to allow /dev/binder traffic
|
||||
binder_use(mediacodec)
|
||||
binder_service(mediacodec)
|
||||
add_service(mediacodec, mediacodec_service)
|
||||
allow mediacodec mediametrics_service:service_manager find;
|
||||
allow mediacodec surfaceflinger_service:service_manager find;
|
||||
')
|
||||
|
||||
# can route /dev/binder traffic to /dev/vndbinder
|
||||
vndbinder_use(mediacodec)
|
||||
|
||||
|
|
Loading…
Reference in a new issue