75806ef3c5
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
67 lines
2.3 KiB
Text
67 lines
2.3 KiB
Text
# HwBinder IPC from client to server
|
|
binder_call(hal_configstore_client, hal_configstore_server)
|
|
|
|
hal_attribute_hwservice(hal_configstore, hal_configstore_ISurfaceFlingerConfigs)
|
|
|
|
# hal_configstore runs with a strict seccomp filter. Use crash_dump's
|
|
# fallback path to collect crash data.
|
|
crash_dump_fallback(hal_configstore_server)
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# Should never execute an executable without a domain transition
|
|
neverallow hal_configstore_server { file_type fs_type }:file execute_no_trans;
|
|
|
|
# Should never need network access. Disallow sockets except for
|
|
# for unix stream/dgram sockets used for logging/debugging.
|
|
neverallow hal_configstore_server domain:{
|
|
rawip_socket tcp_socket udp_socket
|
|
netlink_route_socket netlink_selinux_socket
|
|
socket netlink_socket packet_socket key_socket appletalk_socket
|
|
netlink_tcpdiag_socket netlink_nflog_socket
|
|
netlink_xfrm_socket netlink_audit_socket
|
|
netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
|
|
netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
|
|
netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
|
|
netlink_rdma_socket netlink_crypto_socket
|
|
} *;
|
|
neverallow hal_configstore_server {
|
|
domain
|
|
-hal_configstore_server
|
|
-logd
|
|
-prng_seeder
|
|
userdebug_or_eng(`-su')
|
|
-tombstoned
|
|
}:{ unix_dgram_socket unix_stream_socket } *;
|
|
|
|
# Should never need access to anything on /data
|
|
neverallow hal_configstore_server {
|
|
data_file_type
|
|
-anr_data_file # for crash dump collection
|
|
-tombstone_data_file # for crash dump collection
|
|
with_native_coverage(`-method_trace_data_file')
|
|
}:{ file fifo_file sock_file } *;
|
|
|
|
# Should never need sdcard access
|
|
neverallow hal_configstore_server {
|
|
sdcard_type
|
|
fuse sdcardfs vfat exfat fuseblk # manual expansion for completeness
|
|
}:dir ~getattr;
|
|
neverallow hal_configstore_server {
|
|
sdcard_type
|
|
fuse sdcardfs vfat exfat fuseblk # manual expansion for completeness
|
|
}:file *;
|
|
|
|
# Do not permit access to service_manager and vndservice_manager
|
|
neverallow hal_configstore_server *:service_manager *;
|
|
|
|
# No privileged capabilities
|
|
neverallow hal_configstore_server self:capability_class_set *;
|
|
|
|
# No ptracing other processes
|
|
neverallow hal_configstore_server *:process ptrace;
|
|
|
|
# no relabeling
|
|
neverallow hal_configstore_server *:dir_file_class_set { relabelfrom relabelto };
|