49c0ec7a67
authfs_service is a binder service on microdroid. Upon a request by the client, the service will create the mount directory, execute authfs to mount the FUSE, and finally unmount and delete the mount directory. authfs currently requires more privileges than it should, but it's ok because the client owns the VM, and all input will be verified by signatures. But there is a plan to keep the privileges isolated in the service (b/195554831). Bug: 194717985 Bug: 195554831 Test: Start the service from init, use a test executable to call the service API. Only observed denial from the test executable. Change-Id: Ie53aa9e2796433fc3182357039d0b7ba1c0848ef
# authfs is a FUSE-based filesystem to support "remote" file access normally
# over vsock, backed by a file server backend on Android.

# authfs runs in its own domain; authfs_exec labels the binary that enters it.
type authfs, domain, coredomain;
type authfs_exec, exec_type, file_type, system_file_type;

# vsock is the transport to the file server backend (see header comment).
# The _no_ioctl variant of the socket macro is used, so no ioctl on the
# socket is granted here.
allow authfs self:vsock_socket create_socket_perms_no_ioctl;

# Allow basic rules to implement FUSE.
# TODO(195554831): Move the privilege to authfs_service
# Read/write access to the FUSE character device (fuse_device); this is the
# handle through which the FUSE protocol is served from userspace.
allow authfs fuse_device:chr_file rw_file_perms;

# Allow mounting authfs.
# TODO(195554831): Move the privilege to authfs_service.
# The three rules below let authfs (1) relabel away from the generic fuse
# filesystem type, (2) mount and relabel to/from the authfs_fuse type
# (presumably via a context= mount option -- confirm against the mount
# call), and (3) use a dir labelled authfs_data_file as the mount point.
allow authfs fuse:filesystem relabelfrom;
allow authfs authfs_fuse:filesystem { mount relabelfrom relabelto };
allow authfs authfs_data_file:dir { mounton search };

# TODO(195568812): Don't pass FD 0,1,2 unnecessarily.
# NOTE(review): authfs is exec'd by authfs_service (per the commit message),
# and this rule lets it use any fd inherited from that service, not only the
# stdio fds the TODO refers to. Revisit (narrow or drop) once the service
# stops passing fds it does not intend authfs to have.
allow authfs authfs_service:fd use;