SELinux policy for secure persistent netd storage
This is used to persist RFC 7217 stable secrets across device reboots. Test: as follows - Manually tested that stable_secret is generated on first use and persists until reset of user data partition (factory reset). - Tested that "adb shell getprop" was denied access to persist.netd.stable_secret after running "adb unroot". Bug: 17613910 Change-Id: I4dad00fb189d697aceaffae49ad63987c7e45054
This commit is contained in:
parent
1847a38b4a
commit
ef1fd98b6a
3 changed files with 11 additions and 0 deletions
|
@ -50,6 +50,7 @@ persist.logd.logpersistd u:object_r:logpersistd_logging_prop:s0
|
|||
logd.logpersistd u:object_r:logpersistd_logging_prop:s0
|
||||
persist.log.tag u:object_r:log_tag_prop:s0
|
||||
persist.mmc. u:object_r:mmc_prop:s0
|
||||
persist.netd. u:object_r:netd_prop:s0
|
||||
persist.sys. u:object_r:system_prop:s0
|
||||
persist.sys.safemode u:object_r:safemode_prop:s0
|
||||
ro.sys.safemode u:object_r:safemode_prop:s0
|
||||
|
|
|
@ -58,6 +58,7 @@ allow netd dnsmasq:process signal;
|
|||
allow netd clatd:process signal;
|
||||
|
||||
set_prop(netd, ctl_mdnsd_prop)
|
||||
set_prop(netd, netd_prop)
|
||||
|
||||
# Allow netd to publish a binder service and make binder calls.
|
||||
binder_use(netd)
|
||||
|
@ -104,3 +105,11 @@ neverallow netd { app_data_file system_data_file }:dir_file_class_set write;
|
|||
neverallow { domain -system_server -dumpstate -netd } netd_service:service_manager find;
|
||||
neverallow { domain -system_server -dumpstate } netd:binder call;
|
||||
neverallow netd { domain -system_server -servicemanager userdebug_or_eng(`-su') }:binder call;
|
||||
|
||||
# persist.netd.stable_secret contains RFC 7217 secret key which should never be
|
||||
# leaked to other processes. Make sure it never leaks.
|
||||
neverallow { domain -netd -init } netd_prop:file r_file_perms;
|
||||
|
||||
# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
|
||||
# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
|
||||
neverallow { domain -netd -init } netd_prop:property_service set;
|
||||
|
|
|
@ -30,6 +30,7 @@ type log_tag_prop, property_type, log_property_type;
|
|||
type mmc_prop, property_type;
|
||||
type net_dns_prop, property_type;
|
||||
type net_radio_prop, property_type, core_property_type;
|
||||
type netd_prop, property_type;
|
||||
type nfc_prop, property_type, core_property_type;
|
||||
type overlay_prop, property_type;
|
||||
type pan_result_prop, property_type, core_property_type;
|
||||
|
|
Loading…
Reference in a new issue