d22987b4da
Motivation: Domain is overly permissive. Start removing permissions from domain and assign them to the domain_deprecated attribute. Domain_deprecated and domain can initially be assigned to all domains. The goal is to not assign domain_deprecated to new domains and to start removing domain_deprecated where it is not required or reassigning the appropriate permissions to the inheriting domain when necessary. Bug: 25433265 Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
26 lines
1 KiB
Text
26 lines
1 KiB
Text
# Any toolbox command run by init.
|
|
# At present, the only known usage is for running mkswap via fs_mgr.
|
|
# Do NOT use this domain for toolbox when run by any other domain.
|
|
type toolbox, domain, domain_deprecated;
|
|
type toolbox_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(toolbox)
|
|
|
|
# /dev/__null__ created by init prior to policy load,
|
|
# open fd inherited by fsck.
|
|
allow toolbox tmpfs:chr_file { read write ioctl };
|
|
|
|
# Inherit and use pty created by android_fork_execvp_ext().
|
|
allow toolbox devpts:chr_file { read write getattr ioctl };
|
|
|
|
# mkswap-specific.
|
|
# Read/write block devices used for swap partitions.
|
|
# Assign swap_block_device type any such partition in your
|
|
# device/<vendor>/<product>/sepolicy/file_contexts file.
|
|
allow toolbox block_device:dir search;
|
|
allow toolbox swap_block_device:blk_file rw_file_perms;
|
|
|
|
# Only allow entry from init via the toolbox binary.
|
|
neverallow { domain -init } toolbox:process transition;
|
|
neverallow domain toolbox:process dyntransition;
|
|
neverallow toolbox { file_type fs_type -toolbox_exec}:file entrypoint;
|