platform_system_sepolicy

History

Jiyong Park 02df74af6d Add rules for prng_seeder The process has the exclusive access to /dev/hw_random. It instead opens provides a socket (/dev/prng_seeder/socket) which any process can connect to to get random numbers. This CL is basically a Microdroid version of aosp/2215051 Bug: 247781653 Test: same as aosp/I0a7e339115a2cf6b819730dcf5f8b189a339c57d * Verify prng_seeder daemon is running and has the correct label (via ps -Z) * Verify prng_seeder socket present and has correct label (via ls -Z) * Verify no SELinux denials * strace a libcrypto process and verify it reads seeding data from prng_seeder (e.g. strace bssl rand -hex 1024) * strace seeder daemon to observe incoming connections (e.g. strace -f -p `pgrep prng_seeder`) Change-Id: I3483132ead0f5d101b5b3365f78cc36d89528f0e	2022-12-20 22:01:57 +09:00
..
private	Add rules for prng_seeder	2022-12-20 22:01:57 +09:00
public	Merge "Remove netdomain from Microdroid"	2022-12-10 06:57:54 +00:00

Jiyong Park 02df74af6d Add rules for prng_seeder

The process has the exclusive access to /dev/hw_random. It instead opens
provides a socket (/dev/prng_seeder/socket) which any process can
connect to to get random numbers.

This CL is basically a Microdroid version of aosp/2215051

Bug: 247781653
Test: same as aosp/I0a7e339115a2cf6b819730dcf5f8b189a339c57d
    * Verify prng_seeder daemon is running and has the
      correct label (via ps -Z)
    * Verify prng_seeder socket present and has correct
      label (via ls -Z)
    * Verify no SELinux denials
    * strace a libcrypto process and verify it reads seeding
      data from prng_seeder (e.g. strace bssl rand -hex 1024)
    * strace seeder daemon to observe incoming connections
      (e.g. strace -f -p `pgrep prng_seeder`)

Change-Id: I3483132ead0f5d101b5b3365f78cc36d89528f0e

2022-12-20 22:01:57 +09:00

private

Add rules for prng_seeder

2022-12-20 22:01:57 +09:00

public

Merge "Remove netdomain from Microdroid"

2022-12-10 06:57:54 +00:00