Sepolicy: Add ASAN-Extract

am: 82071b6859

Change-Id: Ia3bd034033f82aaed63b173e5205e7449e2743ef
This commit is contained in:
Andreas Gampe 2017-04-06 03:22:39 +00:00 committed by android-build-merger
commit ea26683eb4
6 changed files with 53 additions and 2 deletions

8
private/asan_extract.te Normal file
View file

@ -0,0 +1,8 @@
# type_transition must be private policy the domain_trans rules could stay
# public, but conceptually should go with this
# Technically not a daemon but we do want the transition from init domain to
# asan_extract to occur.
with_asan(`
typeattribute asan_extract coredomain;
init_daemon_domain(asan_extract)
')

View file

@ -2,3 +2,4 @@
/data/asan/system/lib64(/.*)? u:object_r:system_file:s0
/data/asan/vendor/lib(/.*)? u:object_r:system_file:s0
/data/asan/vendor/lib64(/.*)? u:object_r:system_file:s0
/system/bin/asan_extract u:object_r:asan_extract_exec:s0

View file

@ -111,3 +111,6 @@ wlan. u:object_r:wifi_prop:s0
# hwservicemanager properties
hwservicemanager. u:object_r:hwservicemanager_prop:s0
# ASAN install trigger
asan.restore_reboot u:object_r:asan_reboot_prop:s0

36
public/asan_extract.te Normal file
View file

@ -0,0 +1,36 @@
# asan_extract
#
# This command set moves the artifact corresponding to the current slot
# from /data/ota to /data/dalvik-cache.
with_asan(`
type asan_extract, domain, coredomain;
type asan_extract_exec, exec_type, file_type;
# Allow asan_extract to execute itself using #!/system/bin/sh
allow asan_extract shell_exec:file rx_file_perms;
# We execute log, rm, gzip and tar.
allow asan_extract toolbox_exec:file rx_file_perms;
allow asan_extract system_file:file execute_no_trans;
# asan_extract deletes old /data/lib.
allow asan_extract system_file:dir { open read remove_name rmdir write };
allow asan_extract system_file:file unlink;
# asan_extract untars ASAN libraries into /data.
allow asan_extract system_data_file:dir create_dir_perms ;
allow asan_extract system_data_file:{ file lnk_file } create_file_perms ;
# Relabel the libraries with restorecon.
allow asan_extract file_contexts_file:file r_file_perms;
allow asan_extract system_data_file:{ dir file } relabelfrom;
allow asan_extract system_file:dir { relabelto setattr };
allow asan_extract system_file:file relabelto;
# Restorecon will actually already try to run with sanitized libraries (libpackagelistparser).
allow asan_extract system_data_file:file execute;
# We use asan.restore_reboot to signal a reboot is required.
set_prop(asan_extract, asan_reboot_prop)
')

View file

@ -300,6 +300,7 @@ neverallow { domain -kernel -init -recovery -vold -zygote -update_engine -otapre
neverallow {
domain
-appdomain
with_asan(`-asan_extract')
-dumpstate
-shell
userdebug_or_eng(`-su')
@ -336,9 +337,9 @@ neverallow { domain -init } properties_device:file { no_w_file_perms no_x_file_p
neverallow { domain -init } properties_serial:file { no_w_file_perms no_x_file_perms };
# Only recovery should be doing writes to /system
neverallow { domain -recovery } { system_file exec_type }:dir_file_class_set
neverallow { domain -recovery with_asan(`-asan_extract') } { system_file exec_type }:dir_file_class_set
{ create write setattr relabelfrom append unlink link rename };
neverallow { domain -recovery -kernel } { system_file exec_type }:dir_file_class_set relabelto;
neverallow { domain -recovery -kernel with_asan(`-asan_extract') } { system_file exec_type }:dir_file_class_set relabelto;
# Don't allow mounting on top of /system files or directories
neverallow * exec_type:dir_file_class_set mounton;
@ -739,6 +740,7 @@ neverallow {
-system_app
-init
-installd # for relabelfrom and unlink, check for this in explicit neverallow
with_asan(`-asan_extract')
} system_data_file:file no_w_file_perms;
# do not grant anything greater than r_file_perms and relabelfrom unlink
# to installd

View file

@ -1,3 +1,4 @@
type asan_reboot_prop, property_type;
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
type bluetooth_prop, property_type;