tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Move MediaProvider to its own domain, add new MtpServer permissions

Browse source 
Also move necessary priv_app permissions into MediaProvider domain and
remove MediaProvider specific permissions from priv_app.

The new MtpServer permissions fix the following denials:

avc: denied { write } for comm=6D747020666673206F70656E name="ep0" dev="functionfs" ino=12326 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:functionfs:s0 tclass=file permissive=1

denial from setting property sys.usb.ffs.mtp.ready, context priv_app

Bug: 30976142
Test: Manual, verify permissions are allowed
Change-Id: I4e66c5a8b36be21cdb726b5d00c1ec99c54a4aa4
This commit is contained in:
Jerry Zhang 2016-09-22 11:07:50 -07:00
parent 9f1e2b53fb
commit f921dd9cad
6 changed files with 58 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
private/mac_permissions.xml
View file

@ -51,4 +51,9 @@
<seinfo value="platform" />
</signer>
<!-- Media key in AOSP -->
<signer signature="@MEDIA" >
<seinfo value="media" />
</signer>
</policy>

1
private/mediaprovider.te Normal file
View file

@ -0,0 +1 @@
app_domain(mediaprovider)

1
private/seapp_contexts
View file

@ -93,6 +93,7 @@ user=radio seinfo=platform domain=radio type=radio_data_file
user=shared_relro domain=shared_relro
user=shell seinfo=platform domain=shell type=shell_data_file
user=_isolated domain=isolated_app levelFrom=user
user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
user=_app isEphemeralApp=true domain=ephemeral_app type=ephemeral_data_file levelFrom=all
user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user

2
public/file.te
View file

@ -59,7 +59,7 @@ type debugfs, fs_type;
type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
type debugfs_tracing, fs_type, debugfs_type;
type pstorefs, fs_type;
type functionfs, fs_type;
type functionfs, fs_type, mlstrustedobject;
type oemfs, fs_type, contextmount_type;
type usbfs, fs_type;
type binfmt_miscfs, fs_type;

50
public/mediaprovider.te Normal file
View file

@ -0,0 +1,50 @@
type mediaprovider, domain;
# MtpServer uses /dev/mtp_usb
allow mediaprovider mtp_device:chr_file rw_file_perms;
# MtpServer uses /dev/usb-ffs/mtp
allow mediaprovider functionfs:dir search;
allow mediaprovider functionfs:file rw_file_perms;
# MtpServer sets sys.usb.ffs.mtp.ready
set_prop(mediaprovider, ffs_prop)
allow mediaprovider mediacodec_service:service_manager find;
allow mediaprovider mediadrmserver_service:service_manager find;
allow mediaprovider mediaextractor_service:service_manager find;
allow mediaprovider mediaserver_service:service_manager find;
allow mediaprovider app_api_service:service_manager find;
allow mediaprovider system_api_service:service_manager find;
# /sys and /proc access
r_dir_file(mediaprovider, sysfs_type)
r_dir_file(mediaprovider, proc)
r_dir_file(mediaprovider, rootfs)
# Access to /data/preloads
allow mediaprovider preloads_data_file:file r_file_perms;
###
### neverallow rules (see corresponding rules in priv_app)
###
# Receive or send uevent messages.
neverallow mediaprovider domain:netlink_kobject_uevent_socket *;
# Receive or send generic netlink messages
neverallow mediaprovider domain:netlink_socket *;
# Too much leaky information in debugfs. It's a security
# best practice to ensure these files aren't readable.
neverallow mediaprovider debugfs:file read;
# Only trusted components of Android should be registering
# services.
neverallow mediaprovider service_manager_type:service_manager add;
# Do not allow mediaprovider to be assigned mlstrustedsubject.
neverallow mediaprovider mlstrustedsubject:process fork;
# Do not allow mediaprovider to hard link to any files.
neverallow mediaprovider file_type:file link;

7
public/priv_app.te
View file

@ -16,9 +16,6 @@ allow priv_app self:process ptrace;
allow priv_app app_data_file:file rx_file_perms;
auditallow priv_app app_data_file:file execute_no_trans;
# android.process.media uses /dev/mtp_usb
allow priv_app mtp_device:chr_file rw_file_perms;
allow priv_app audioserver_service:service_manager find;
allow priv_app cameraserver_service:service_manager find;
allow priv_app drmserver_service:service_manager find;
@ -34,10 +31,6 @@ allow priv_app system_api_service:service_manager find;
allow priv_app persistent_data_block_service:service_manager find;
allow priv_app recovery_service:service_manager find;
# Traverse into /mnt/media_rw for bypassing FUSE daemon
# TODO: narrow this to just MediaProvider
allow priv_app mnt_media_rw_file:dir search;
# Write to /cache.
allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms;
allow priv_app { cache_file cache_recovery_file }:file create_file_perms;