platform_system_sepolicy/adbd.te
William Roberts 2f5a6a96bd Replace unix_socket_connect() and explicit property sets with macro
A common source of mistakes when authoring sepolicy is properly
setting up property sets. This is a 3 part step of:
1. Allowing the unix domain connection to the init/property service
2. Allowing write on the property_socket file
3. Allowing the set on class property_service

The macro unix_socket_connect() handled 1 and 2, but could be
confusing for first time policy authors. 3 had to be explicitly
added.

To correct this, we introduce a new macros:
set_prop(sourcedomain, targetprop)

This macro handles steps 1, 2 and 3.

No difference in sediff is expected.

(cherrypicked from commit 625a3526f1)

Change-Id: I630ba0178439c935d08062892990d43a3cc1239e
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>
2015-05-07 10:32:06 -07:00

91 lines
2.9 KiB
Text

# adbd seclabel is specified in init.rc since
# it lives in the rootfs and has no unique file type.
type adbd, domain, mlstrustedsubject;
userdebug_or_eng(`
allow adbd self:process setcurrent;
allow adbd su:process dyntransition;
')
domain_auto_trans(adbd, shell_exec, shell)
# Do not sanitize the environment or open fds of the shell.
allow adbd shell:process noatsecure;
# Set UID and GID to shell. Set supplementary groups.
allow adbd self:capability { setuid setgid };
# Drop capabilities from bounding set on user builds.
allow adbd self:capability setpcap;
# Create and use network sockets.
net_domain(adbd)
# Access /dev/android_adb or /dev/usb-ffs/adb/ep0
allow adbd adb_device:chr_file rw_file_perms;
allow adbd functionfs:dir search;
allow adbd functionfs:file rw_file_perms;
# Use a pseudo tty.
allow adbd devpts:chr_file rw_file_perms;
# adb push/pull /data/local/tmp.
allow adbd shell_data_file:dir create_dir_perms;
allow adbd shell_data_file:file create_file_perms;
# adb push/pull sdcard.
allow adbd sdcard_type:dir create_dir_perms;
allow adbd sdcard_type:file create_file_perms;
# adb pull /data/anr/traces.txt
allow adbd anr_data_file:dir r_dir_perms;
allow adbd anr_data_file:file r_file_perms;
# Set service.adb.*, sys.powerctl, and sys.usb.ffs.ready properties.
set_prop(adbd, shell_prop)
set_prop(adbd, powerctl_prop)
set_prop(adbd, ffs_prop)
# Run /system/bin/bu
allow adbd system_file:file rx_file_perms;
# Perform binder IPC to surfaceflinger (screencap)
# XXX Run screencap in a separate domain?
binder_use(adbd)
binder_call(adbd, surfaceflinger)
# b/13188914
allow adbd gpu_device:chr_file rw_file_perms;
# Read /data/misc/adb/adb_keys.
allow adbd adb_keys_file:dir search;
allow adbd adb_keys_file:file r_file_perms;
userdebug_or_eng(`
# Write debugging information to /data/adb
# when persist.adb.trace_mask is set
# https://code.google.com/p/android/issues/detail?id=72895
allow adbd adb_data_file:dir rw_dir_perms;
allow adbd adb_data_file:file create_file_perms;
')
# ndk-gdb invokes adb forward to forward the gdbserver socket.
allow adbd app_data_file:dir search;
allow adbd app_data_file:sock_file write;
allow adbd appdomain:unix_stream_socket connectto;
# ndk-gdb invokes adb pull of app_process, linker, and libc.so.
allow adbd zygote_exec:file r_file_perms;
allow adbd system_file:file r_file_perms;
allow adbd kernel:security read_policy;
allow adbd surfaceflinger_service:service_manager find;
allow adbd bootchart_data_file:dir search;
allow adbd bootchart_data_file:file r_file_perms;
# Allow access to external storage; we have several visible mount points under /storage
# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
allow adbd storage_file:dir r_dir_perms;
allow adbd storage_file:lnk_file r_file_perms;
allow adbd mnt_user_file:dir r_dir_perms;
allow adbd mnt_user_file:lnk_file r_file_perms;