From 9fe1532ade1c47068e2c9e840a695288d78ecdc2 Mon Sep 17 00:00:00 2001
From: Hasini Gunasinghe
Date: Fri, 2 Jul 2021 23:14:50 +0000
Subject: [PATCH] Allow keystore to read and write keystore.crash_count system property.

Additionally, remove the obsolete permission which allows keystore to register callbacks with statsd. There's no direct communication between keystore and statsd now.

Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: statsd TestDrive script.
Merged-In: I31d202751ba78bb547822020260a7e366cb8826e
Change-Id: I31d202751ba78bb547822020260a7e366cb8826e
---
 prebuilts/api/31.0/private/keystore.te | 9 +++++----
 prebuilts/api/31.0/private/property.te | 1 +
 prebuilts/api/31.0/private/property_contexts | 3 +++
 private/keystore.te | 9 +++++----
 private/property.te | 1 +
 private/property_contexts | 3 +++
 6 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/prebuilts/api/31.0/private/keystore.te b/prebuilts/api/31.0/private/keystore.te
index 3fccf5991..884222412 100644
--- a/prebuilts/api/31.0/private/keystore.te
+++ b/prebuilts/api/31.0/private/keystore.te
@@ -20,10 +20,6 @@ get_prop(keystore, device_logging_prop)
 # Allow keystore to write to statsd.
 unix_socket_send(keystore, statsdw, statsd)
-# Allow keystore to register callbacks with statsd.
-allow keystore stats_service:service_manager find;
-binder_call(keystore, statsd);
-
 # Keystore need access to the keystore_key context files to load the keystore key backend.
 allow keystore keystore2_key_contexts_file:file r_file_perms;
@@ -33,3 +29,8 @@ get_prop(keystore, keystore_listen_prop)
 # can call keystore methods on those references.
 allow keystore vold:binder transfer;
 allow keystore wait_for_keymaster:binder transfer;
+
+# Only keystore can set keystore.crash_count system property. Since init is allowed to set any
+# system property, an exception is added for init as well.
+set_prop(keystore, keystore_crash_prop)
+neverallow { domain -keystore -init } keystore_crash_prop:property_service set;
diff --git a/prebuilts/api/31.0/private/property.te b/prebuilts/api/31.0/private/property.te
index 13aa7d053..6c0b52145 100644
--- a/prebuilts/api/31.0/private/property.te
+++ b/prebuilts/api/31.0/private/property.te
@@ -15,6 +15,7 @@ system_internal_prop(gsid_prop)
 system_internal_prop(init_perf_lsm_hooks_prop)
 system_internal_prop(init_service_status_private_prop)
 system_internal_prop(init_svc_debug_prop)
+system_internal_prop(keystore_crash_prop)
 system_internal_prop(keystore_listen_prop)
 system_internal_prop(last_boot_reason_prop)
 system_internal_prop(localization_prop)
diff --git a/prebuilts/api/31.0/private/property_contexts b/prebuilts/api/31.0/private/property_contexts
index 5f354caab..4947677db 100644
--- a/prebuilts/api/31.0/private/property_contexts
+++ b/prebuilts/api/31.0/private/property_contexts
@@ -1150,6 +1150,9 @@ ro.zygote.disable_gl_preload u:object_r:zygote_config_prop:s0 exact bool
 # Broadcast boot stages, which keystore listens to
 keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int
+# Property that tracks keystore crash counts during a boot cycle.
+keystore.crash_count u:object_r:keystore_crash_prop:s0 exact int
+
 partition.system.verified u:object_r:verity_status_prop:s0 exact string
 partition.system_ext.verified u:object_r:verity_status_prop:s0 exact string
 partition.product.verified u:object_r:verity_status_prop:s0 exact string
diff --git a/private/keystore.te b/private/keystore.te
index 3fccf5991..884222412 100644
--- a/private/keystore.te
+++ b/private/keystore.te
@@ -20,10 +20,6 @@ get_prop(keystore, device_logging_prop)
 # Allow keystore to write to statsd.
 unix_socket_send(keystore, statsdw, statsd)
-# Allow keystore to register callbacks with statsd.
-allow keystore stats_service:service_manager find;
-binder_call(keystore, statsd);
-
 # Keystore need access to the keystore_key context files to load the keystore key backend.
 allow keystore keystore2_key_contexts_file:file r_file_perms;
@@ -33,3 +29,8 @@ get_prop(keystore, keystore_listen_prop)
 # can call keystore methods on those references.
 allow keystore vold:binder transfer;
 allow keystore wait_for_keymaster:binder transfer;
+
+# Only keystore can set keystore.crash_count system property. Since init is allowed to set any
+# system property, an exception is added for init as well.
+set_prop(keystore, keystore_crash_prop)
+neverallow { domain -keystore -init } keystore_crash_prop:property_service set;
diff --git a/private/property.te b/private/property.te
index 13aa7d053..6c0b52145 100644
--- a/private/property.te
+++ b/private/property.te
@@ -15,6 +15,7 @@ system_internal_prop(gsid_prop)
 system_internal_prop(init_perf_lsm_hooks_prop)
 system_internal_prop(init_service_status_private_prop)
 system_internal_prop(init_svc_debug_prop)
+system_internal_prop(keystore_crash_prop)
 system_internal_prop(keystore_listen_prop)
 system_internal_prop(last_boot_reason_prop)
 system_internal_prop(localization_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 5f354caab..4947677db 100644
--- a/private/property_contexts
+++ b/private/property_contexts
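Review bot: The commit title says keystore both reads and writes keystore.crash_count, yet the block appended at the end of private/keystore.te only spells out `set_prop(keystore, keystore_crash_prop)`; the read side appears to come from the macro itself, which in this policy tree expands to a property_service set rule plus get_prop, so a reader hunting for a missing get_prop will be puzzled. One comment line above the rule would settle it: `# set_prop also grants get_prop, which covers the read side of the crash counter.` The neverallow on the next line is a build-time assertion, so any later grant of set on keystore_crash_prop to a domain other than keystore or init fails policy compilation instead of surfacing at runtime, which is the right place to pin a value that feeds crash telemetry. The identical block lands in prebuilts/api/31.0/private/keystore.te in the earlier hunk and must stay byte-identical to this file.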
@@ -1150,6 +1150,9 @@ ro.zygote.disable_gl_preload u:object_r:zygote_config_prop:s0 exact bool
 # Broadcast boot stages, which keystore listens to
 keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int
+# Property that tracks keystore crash counts during a boot cycle.
+keystore.crash_count u:object_r:keystore_crash_prop:s0 exact int
+
 partition.system.verified u:object_r:verity_status_prop:s0 exact string
 partition.system_ext.verified u:object_r:verity_status_prop:s0 exact string
 partition.product.verified u:object_r:verity_status_prop:s0 exact string
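Review bot: The new comment says the counter is tracked "during a boot cycle" but not why that holds; since keystore.crash_count carries no `persist.` prefix it lives only in init's in-memory property area and is gone after a reboot, which is worth stating so nobody later introduces a `persist.` variant expecting the same semantics: `# Not persisted (no persist. prefix): the count starts over on every boot.` The `exact int` type on the same line lets init's property service reject non-integer writes, which is appropriate for a counter. The mirrored entry in prebuilts/api/31.0/private/property_contexts should carry the same comment.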