766caba5de
Add the compos_key_helper domain for the process which has access to the signing key, make sure it can't be crashdumped. Also extend that protection to diced & its HAL. Rename compos_verify_key to compos_verify, because it doesn't verify keys any more. Move exec types used by Microdroid to file.te in the host rather than their own dedicated files. Bug: 218494522 Test: atest CompOsSigningHostTest CompOsDenialHostTest Change-Id: I942667355d8ce29b3a9eb093e0b9c4f6ee0df6c1
# Declares the diced process domain and places it in the domain and
# coredomain attributes.
type diced, domain, coredomain;
# Label type for the diced executable file.
# NOTE(review): init_daemon_domain(diced) further down presumably relies on
# this <domain>_exec name for the init -> diced transition; the macro is
# defined outside this file, so confirm there.
type diced_exec, system_file_type, exec_type, file_type;
# Block crash dumps to ensure the DICE secrets are not leaked.
# NOTE(review): this line only tags diced with the attribute; the actual
# denial comes from rules elsewhere in the policy that reference
# no_crash_dump_domain (not visible in this file). It covers the crash-dump
# path only. Other ways of reading the process's memory (e.g. ptrace) must be
# denied by separate rules; verify those when relying on this for secrecy.
typeattribute diced no_crash_dump_domain;
# diced can be started by init
# Presumably sets up the automatic transition into the diced domain when init
# executes a file labelled diced_exec; the macro body is outside this file.
init_daemon_domain(diced)
# diced can talk to dice HAL
# Makes diced a client of the hal_dice HAL. The concrete permissions this
# grants are defined by the hal_dice policy and the macro, not in this file.
hal_client_domain(diced, hal_dice)
# diced hosts AIDL services
# Lets diced use binder IPC, which it needs before it can register or call
# services.
binder_use(diced)
# Marks diced as a domain that hosts binder services.
# NOTE(review): which domains may actually call into diced is decided by
# rules outside this file; review those callers, since diced handles DICE
# secrets.
binder_service(diced)
# Lets diced register dice_node_service with the service manager.
# NOTE(review): the domains granted `find` on this service type (elsewhere in
# the policy) are the set of potential clients; audit that list.
add_service(diced, dice_node_service)
# Lets diced register dice_maintenance_service with the service manager.
# NOTE(review): the name suggests a more privileged interface than the node
# service; confirm that `find` access to it is restricted accordingly.
add_service(diced, dice_maintenance_service)
# diced can check SELinux permissions.
# Lets diced query SELinux access decisions, presumably so it can authorize
# binder callers by their security context. Confirm in the diced source.
selinux_check_access(diced)
# diced is using bootstrap bionic
# Grants diced access to the bootstrap bionic libraries, presumably because
# it starts before the regular runtime libraries are available.
# TODO: confirm against the macro definition, which is outside this file.
use_bootstrap_libs(diced)