Create an event_log_tags_file label and use it for
/dev/event-log-tags. Only trusted system log readers are allowed
direct read access to this file, no write access. Untrusted domain
requests lack direct access, and are thus checked for credentials via
the "plan b" long path socket to the event log tag service.
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 31456426
Bug: 30566487
Change-Id: Ib9b71ca225d4436d764c9bc340ff7b1c9c252a9e
system/core commit 331cf2fb7c16b5b25064f8d2f00284105a9b413f created a
number of new properties of the form:
[ro.boottime.init]: [5294587604]
[ro.boottime.InputEventFind]: [10278767840]
[ro.boottime.adbd]: [8359267180]
...
These properties were assigned the default_prop SELinux label because a
better label did not exist. Properties labeled with the default_prop
label are readable to any SELinux domain, which is overly broad.
bullhead:/ $ getprop -Z ro.boottime.adbd
u:object_r:default_prop:s0
Instead, create a new label for the ro.boottime.* properties so we can
apply more fine grain read access control to these properties.
bullhead:/ $ getprop -Z ro.boottime.adbd
u:object_r:boottime_prop:s0
New SELinux property labels have minimal permissions by default. As a
result, after this change, ro.boottime.* properties will only be
readable to system_server, bootstat, init (because it manages the property
space), and "adb root" (because no SELinux permissions are enforced there).
Additional read access can be granted as-needed.
This is part of a larger effort to implement fine-grain access control
on the properties managed by init.
Test: Device boots and no SELinux denials on boot.
Change-Id: Ibf981cb81898f4356fdc5c1b6f15dd93c0d6d84d
Divide policy into public and private components. This is the first
step in splitting the policy creation for platform and non-platform
policies. The policy in the public directory will be exported for use
in non-platform policy creation. Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.
Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal. For now, almost all types and
avrules are left in public.
Test: Tested by building policy and running on device.
Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
