Merge "Reland "Re-open /dev/binder access to all."" am: aa6793febd
am: 88fedc2159
Change-Id: I3a3ed29426dcc09d41d93ba51bff02e8695fa751
This commit is contained in:
commit
f1fbf2734e
3 changed files with 28 additions and 39 deletions
|
@ -250,6 +250,11 @@ neverallow all_untrusted_apps {
|
|||
-untrusted_app_visible_hwservice_violators
|
||||
}:hwservice_manager find;
|
||||
|
||||
neverallow all_untrusted_apps {
|
||||
vendor_service
|
||||
vintf_service
|
||||
}:service_manager find;
|
||||
|
||||
# SELinux is not an API for untrusted apps to use
|
||||
neverallow all_untrusted_apps selinuxfs:file no_rw_file_perms;
|
||||
|
||||
|
|
|
@ -98,6 +98,12 @@ attribute ephemeral_app_api_service;
|
|||
# services which export only system_api
|
||||
attribute system_api_service;
|
||||
|
||||
# services which should only be available to vendor
|
||||
attribute vendor_service;
|
||||
|
||||
# services which should be available system<->vendor
|
||||
attribute vintf_service;
|
||||
|
||||
# All types used for services managed by servicemanager.
|
||||
# On change, update CHECK_SC_ASSERT_ATTRS
|
||||
# definition in tools/checkfc.c.
|
||||
|
|
|
@ -88,15 +88,9 @@ allow domain ashmem_server:fd use;
|
|||
allow { domain -coredomain -appdomain } system_ashmem_hwservice:hwservice_manager find;
|
||||
allow { domain -coredomain -appdomain } ashmem_server: binder call;
|
||||
|
||||
# /dev/binder can be accessed by non-vendor domains and by apps
|
||||
allow {
|
||||
coredomain
|
||||
appdomain
|
||||
binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
|
||||
-hwservicemanager
|
||||
} binder_device:chr_file rw_file_perms;
|
||||
# Devices which are not full TREBLE have fewer restrictions on access to /dev/binder
|
||||
not_full_treble(`allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;')
|
||||
# /dev/binder can be accessed by ... everyone! :)
|
||||
allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;
|
||||
|
||||
allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_perms;
|
||||
allow domain ptmx_device:chr_file rw_file_perms;
|
||||
allow domain random_device:chr_file rw_file_perms;
|
||||
|
@ -630,30 +624,22 @@ neverallow hwservicemanager vndbinder_device:chr_file no_rw_file_perms;
|
|||
neverallow vndservicemanager binder_device:chr_file no_rw_file_perms;
|
||||
neverallow vndservicemanager hwbinder_device:chr_file no_rw_file_perms;
|
||||
|
||||
# On full TREBLE devices, only core components and apps can use Binder and servicemanager. Non-core
|
||||
# domain apps need this because Android framework offers many of its services to apps as Binder
|
||||
# services.
|
||||
full_treble_only(`
|
||||
neverallow {
|
||||
domain
|
||||
-coredomain
|
||||
-appdomain
|
||||
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
|
||||
} binder_device:chr_file rw_file_perms;
|
||||
')
|
||||
# system services cant add vendor services
|
||||
neverallow {
|
||||
coredomain
|
||||
} vendor_service:service_manager add;
|
||||
|
||||
# libcutils can probe for /dev/binder permissions with access(). Ignore
|
||||
# generated denials. See b/129073672 for details.
|
||||
dontaudit domain binder_device:chr_file audit_access;
|
||||
# vendor services cant add system services
|
||||
neverallow {
|
||||
domain
|
||||
-coredomain
|
||||
-binder_in_vendor_violators # TODO(b/131617943) remove once all violators are gone
|
||||
} {
|
||||
service_manager_type
|
||||
-vendor_service
|
||||
-vintf_service
|
||||
}:service_manager add;
|
||||
|
||||
full_treble_only(`
|
||||
neverallow {
|
||||
domain
|
||||
-coredomain
|
||||
-appdomain # restrictions for vendor apps are declared lower down
|
||||
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
|
||||
} service_manager_type:service_manager find;
|
||||
')
|
||||
full_treble_only(`
|
||||
# Vendor apps are permited to use only stable public services. If they were to use arbitrary
|
||||
# services which can change any time framework/core is updated, breakage is likely.
|
||||
|
@ -679,14 +665,6 @@ full_treble_only(`
|
|||
-vr_manager_service
|
||||
}:service_manager find;
|
||||
')
|
||||
full_treble_only(`
|
||||
neverallow {
|
||||
domain
|
||||
-coredomain
|
||||
-appdomain
|
||||
-binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
|
||||
} servicemanager:binder { call transfer };
|
||||
')
|
||||
|
||||
# On full TREBLE devices, only vendor components, shell, and su can use VendorBinder.
|
||||
full_treble_only(`
|
||||
|
|
Loading…
Reference in a new issue