75806ef3c5
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
68 lines
1.9 KiB
Text
68 lines
1.9 KiB
Text
typeattribute bootstat coredomain;
|
|
|
|
init_daemon_domain(bootstat)
|
|
|
|
# Collect metrics on boot time created by init
|
|
get_prop(bootstat, boottime_prop)
|
|
|
|
# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty)
|
|
set_prop(bootstat, bootloader_boot_reason_prop)
|
|
set_prop(bootstat, system_boot_reason_prop)
|
|
set_prop(bootstat, last_boot_reason_prop)
|
|
|
|
read_runtime_log_tags(bootstat)
|
|
|
|
# Allow persistent storage in /data/misc/bootstat.
|
|
allow bootstat bootstat_data_file:dir rw_dir_perms;
|
|
allow bootstat bootstat_data_file:file create_file_perms;
|
|
|
|
allow bootstat metadata_file:dir search;
|
|
allow bootstat metadata_bootstat_file:dir rw_dir_perms;
|
|
allow bootstat metadata_bootstat_file:file create_file_perms;
|
|
|
|
# ToDo: TBI move access for the following to a system health HAL
|
|
|
|
# Allow access to /sys/fs/pstore/ and syslog
|
|
allow bootstat pstorefs:dir search;
|
|
allow bootstat pstorefs:file r_file_perms;
|
|
allow bootstat kernel:system syslog_read;
|
|
|
|
# Allow access to reading the logs to read aspects of system health
|
|
read_logd(bootstat)
|
|
|
|
# Allow bootstat write to statsd.
|
|
unix_socket_send(bootstat, statsdw, statsd)
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
|
|
neverallow {
|
|
domain
|
|
-bootstat
|
|
-init
|
|
} system_boot_reason_prop:property_service set;
|
|
|
|
neverallow {
|
|
domain
|
|
-bootanim
|
|
-bootstat
|
|
-dumpstate
|
|
userdebug_or_eng(`-incidentd')
|
|
-init
|
|
-platform_app
|
|
-recovery
|
|
-shell
|
|
-system_server
|
|
} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
|
|
# ... and refine, as these components should not set the last boot reason
|
|
neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
|
|
|
|
neverallow {
|
|
domain
|
|
-bootstat
|
|
-init
|
|
-system_server
|
|
} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
|
|
# ... and refine ... for a ro propertly no less ... keep this _tight_
|
|
neverallow system_server bootloader_boot_reason_prop:property_service set;
|