Allow /dev/klog access, drop mknod and __null__ access
Allow vold, healthd, slideshow, and watchdogd access to /dev/kmsg. These processes log to the kernel dmesg ring buffer, so they need write access to that file. Addresses the following denials: avc: denied { write } for pid=134 comm="watchdogd" name="kmsg" dev="tmpfs" ino=9248 scontext=u:r:watchdogd:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 avc: denied { write } for pid=166 comm="healthd" name="kmsg" dev="tmpfs" ino=9248 scontext=u:r:healthd:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 avc: denied { write } for pid=180 comm="vold" name="kmsg" dev="tmpfs" ino=9248 scontext=u:r:vold:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 These denials were triggered by the change in https://android-review.googlesource.com/151209 . Prior to that change, any code which called klog_init would (unnecessarily) create the device node itself, rather than using the already existing device node. Drop special /dev/__null__ handling from watchdogd. As of https://android-review.googlesource.com/148288 , watchdogd no longer creates its own /dev/null device, so it's unnecessary for us to allow for it. Drop mknod from healthd, slideshow, and watchdogd. healthd and slideshow only needed mknod to create /dev/__kmsg__, which is now obsolete. watchdogd only needed mknod to create /dev/__kmsg__ and /dev/__null__, which again is now obsolete. Bug: 21242418 Change-Id: If01c8001084575e7441253f0fa8b4179ae33f534
This commit is contained in:
parent
dc496c2bfb
commit
e2651972c1
7 changed files with 20 additions and 27 deletions
|
@ -187,7 +187,13 @@ neverallow {
|
|||
} self:capability sys_ptrace;
|
||||
|
||||
# Limit device node creation to these whitelisted domains.
|
||||
neverallow { domain -kernel -init -ueventd -watchdogd -healthd -vold -uncrypt -slideshow } self:capability mknod;
|
||||
neverallow {
|
||||
domain
|
||||
-kernel
|
||||
-init
|
||||
-ueventd
|
||||
-vold
|
||||
} self:capability mknod;
|
||||
|
||||
# Limit raw I/O to these whitelisted domains.
|
||||
neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt -tee } self:capability sys_rawio;
|
||||
|
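Review bot: The rewritten mknod neverallow (the multi-line block ending `} self:capability mknod;`) also drops uncrypt from the exemption list, which the commit message never accounts for; it only discusses healthd, slideshow and watchdogd. If uncrypt.te still carries `allow uncrypt self:capability mknod;` the policy build will fail on this neverallow, so either that rule was removed in a separate change or `-uncrypt` should stay in the list until it is. While here, the sys_rawio neverallow just below still exempts watchdogd, healthd and uncrypt even though this change establishes those domains no longer create device nodes; that may still be legitimate for other reasons, but it is worth re-checking in a follow-up.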
|
|
@ -2,12 +2,10 @@
|
|||
# it lives in the rootfs and has no unique file type.
|
||||
type healthd, domain;
|
||||
|
||||
write_klog(healthd)
|
||||
# /dev/__null__ created by init prior to policy load,
|
||||
# open fd inherited by healthd.
|
||||
allow healthd tmpfs:chr_file { read write };
|
||||
# Write to /dev/kmsg
|
||||
allow healthd kmsg_device:chr_file rw_file_perms;
|
||||
|
||||
allow healthd self:capability { net_admin mknod sys_tty_config };
|
||||
allow healthd self:capability { net_admin sys_tty_config };
|
||||
wakelock_use(healthd)
|
||||
allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
binder_use(healthd)
|
||||
|
|
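Review bot: The new `allow healthd kmsg_device:chr_file rw_file_perms;` grants more than the denial it fixes: the avc in the commit message shows only `{ write }` on kmsg_device, yet rw_file_perms also permits read (plus getattr/ioctl per the usual macro), which lets healthd read the kernel log back from /dev/kmsg rather than only append to it. The write_klog macro it replaces was narrower (`{ create open write unlink }`), so this is a widening rather than a straight swap. Suggest `allow healthd kmsg_device:chr_file w_file_perms;`, assuming the policy's global_macros defines a w_file_perms macro alongside rw_file_perms, and tightening the comment to `# Write to /dev/kmsg (write-only; healthd never needs to read the kernel log)`.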
|
@ -2,10 +2,10 @@
|
|||
# it lives in the rootfs and has no unique file type.
|
||||
type slideshow, domain;
|
||||
|
||||
write_klog(slideshow)
|
||||
allow slideshow kmsg_device:chr_file rw_file_perms;
|
||||
wakelock_use(slideshow)
|
||||
allow slideshow device:dir r_dir_perms;
|
||||
allow slideshow self:capability { mknod sys_tty_config };
|
||||
allow slideshow self:capability sys_tty_config;
|
||||
allow slideshow graphics_device:dir r_dir_perms;
|
||||
allow slideshow graphics_device:chr_file rw_file_perms;
|
||||
allow slideshow input_device:dir r_dir_perms;
|
||||
|
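Review bot: `allow slideshow kmsg_device:chr_file rw_file_perms;` replaces write_klog, which only allowed `{ create open write unlink }`; the new rule additionally grants read, getattr and ioctl on /dev/kmsg that slideshow has no stated need for. For a domain that only logs, `w_file_perms` is the least-privilege form, if that macro is available in global_macros. The rule also landed without the explanatory comment the healthd hunk got; a line such as `# Log to the kernel ring buffer via /dev/kmsg` above it would keep the two files consistent.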
|
11
te_macros
11
te_macros
|
@ -274,17 +274,6 @@ define(`access_kmsg', `
|
|||
allow $1 kernel:system syslog_read;
|
||||
')
|
||||
|
||||
#####################################
|
||||
# write_klog(domain)
|
||||
# Ability to write to kernel log via
|
||||
# klog_write()
|
||||
# See system/core/libcutil/klog.c
|
||||
define(`write_klog', `
|
||||
type_transition $1 device:chr_file klog_device "__kmsg__";
|
||||
allow $1 klog_device:chr_file { create open write unlink };
|
||||
allow $1 device:dir { write add_name remove_name };
|
||||
')
|
||||
|
||||
#####################################
|
||||
# create_pty(domain)
|
||||
# Allow domain to create and use a pty, isolated from any other domain ptys.
|
||||
|
|
|
@ -2,7 +2,12 @@
|
|||
# it lives in the rootfs and has no unique file type.
|
||||
type ueventd, domain;
|
||||
tmpfs_domain(ueventd)
|
||||
write_klog(ueventd)
|
||||
|
||||
# TODO: why is ueventd using __kmsg__ when it should just create
|
||||
# and use /dev/kmsg instead?
|
||||
type_transition ueventd device:chr_file klog_device "__kmsg__";
|
||||
allow ueventd klog_device:chr_file { create open write unlink };
|
||||
|
||||
security_access_policy(ueventd)
|
||||
allow ueventd init:process sigchld;
|
||||
allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
|
||||
|
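Review bot: Inlining write_klog into ueventd.te carries over only two of the three rules the macro granted: the `allow ueventd device:dir { write add_name remove_name };` line from the deleted macro body does not appear next to the type_transition and the klog_device chr_file rule. ueventd very likely has that directory access elsewhere in ueventd.te, since it creates device nodes and keeps mknod in the capability line below, but the rest of the file is outside this hunk, so please confirm; without it the `__kmsg__` create/unlink on device:dir will be denied. The TODO would also be more actionable if it named the target, e.g. `# TODO: switch ueventd's klog_init to open /dev/kmsg (kmsg_device) and drop these two rules.`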
|
2
vold.te
2
vold.te
|
@ -81,7 +81,7 @@ allow vold self:capability { sys_ptrace kill };
|
|||
# XXX Label sysfs files with a specific type?
|
||||
allow vold sysfs:file rw_file_perms;
|
||||
|
||||
write_klog(vold)
|
||||
allow vold kmsg_device:chr_file rw_file_perms;
|
||||
|
||||
# Run fsck.
|
||||
allow vold fsck_exec:file rx_file_perms;
|
||||
|
|
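Review bot: vold gains `kmsg_device:chr_file rw_file_perms`, which is wider than both the denial being fixed (`{ write }`) and the write_klog macro it replaces; vold handles untrusted external storage and is a frequent attack target, so handing it read access to the kernel log without a demonstrated need is the wrong direction. `allow vold kmsg_device:chr_file w_file_perms;` would cover the denial, provided global_macros supplies that macro. A one-line comment such as `# vold logs to the kernel ring buffer via /dev/kmsg` would also fit, since the neighbouring rules in this file are annotated.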
|
@ -1,9 +1,4 @@
|
|||
# watchdogd seclabel is specified in init.<board>.rc
|
||||
type watchdogd, domain;
|
||||
allow watchdogd self:capability mknod;
|
||||
allow watchdogd device:dir { add_name write remove_name };
|
||||
allow watchdogd watchdog_device:chr_file rw_file_perms;
|
||||
# because of /dev/__kmsg__ and /dev/__null__
|
||||
write_klog(watchdogd)
|
||||
type_transition watchdogd device:chr_file null_device "__null__";
|
||||
allow watchdogd null_device:chr_file { create unlink };
|
||||
allow watchdogd kmsg_device:chr_file rw_file_perms;
|
||||
|
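Review bot: `allow watchdogd kmsg_device:chr_file rw_file_perms;` is the only logging rule left after dropping write_klog and the __null__ transition, and it grants read as well as write; the previous macro was write-only (`{ create open write unlink }`) and the denial quoted in the commit message is `{ write }`. Given watchdogd is a minimal daemon whose only other access in this file is the watchdog_device, `w_file_perms` keeps it minimal, if that macro exists in global_macros. The file also lost its explanatory comment (`# because of /dev/__kmsg__ and /dev/__null__`) without a replacement; a short `# Log to /dev/kmsg` above the new rule would keep the file self-describing.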
|