tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/coredomain.te
Jooyung Han ccfb0ef146 Added properties for rebootless apex install 
When apexd installs an apex without reboot, init also need to do some
work around the installation (e.g. terminating services from the apex
and remove data read from the apex and updating linker configuration
etc)

Apexd sets control properties to unload and load apex and init notifies
the completion with state properties.

These new properties are supposed to be used by apexd/init interaction.

Bug: 232114573
Bug: 232173613
Test: CtsStagedInstallHostTestCases
Test: CtsInitTestCases
Change-Id: I5af6b36310f3c81f1cd55537473e54756541d347
2022-07-08 12:12:45 +09:00

250 lines
5.6 KiB
Text
Raw Blame History

get_prop(coredomain, boot_status_prop)
get_prop(coredomain, camera_config_prop)
get_prop(coredomain, dalvik_config_prop)
get_prop(coredomain, dalvik_runtime_prop)
get_prop(coredomain, exported_pm_prop)
get_prop(coredomain, ffs_config_prop)
get_prop(coredomain, graphics_config_prop)
get_prop(coredomain, hdmi_config_prop)
get_prop(coredomain, init_service_status_private_prop)
get_prop(coredomain, init_apex_status_private_prop)
get_prop(coredomain, lmkd_config_prop)
get_prop(coredomain, localization_prop)
get_prop(coredomain, pm_prop)
get_prop(coredomain, radio_control_prop)
get_prop(coredomain, rollback_test_prop)
get_prop(coredomain, setupwizard_prop)
get_prop(coredomain, sqlite_log_prop)
get_prop(coredomain, storagemanager_config_prop)
get_prop(coredomain, surfaceflinger_color_prop)
get_prop(coredomain, systemsound_config_prop)
get_prop(coredomain, telephony_config_prop)
get_prop(coredomain, usb_config_prop)
get_prop(coredomain, usb_control_prop)
get_prop(coredomain, userspace_reboot_config_prop)
get_prop(coredomain, vold_config_prop)
get_prop(coredomain, vts_status_prop)
get_prop(coredomain, zygote_config_prop)
get_prop(coredomain, zygote_wrap_prop)
# TODO(b/170590987): remove this after cleaning up default_prop
get_prop(coredomain, default_prop)
full_treble_only(`
neverallow {
coredomain
# for chowning
-init
# generic access to sysfs_type
-apexd
-ueventd
-vold
} sysfs_leds:file *;
')
# On TREBLE devices, a limited set of files in /vendor are accessible to
# only a few allowlisted coredomains to keep system/vendor separation.
full_treble_only(`
# Limit access to /vendor/app
neverallow {
coredomain
-appdomain
-artd
-dex2oat
-dexoptanalyzer
-idmap
-init
-installd
-heapprofd
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
-system_server
-traced_perf
} vendor_app_file:dir { open read getattr search };
')
full_treble_only(`
neverallow {
coredomain
-appdomain
-artd
-dex2oat
-dexoptanalyzer
-idmap
-init
-installd
-heapprofd
userdebug_or_eng(`-profcollectd')
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
userdebug_or_eng(`-simpleperf_boot')
-system_server
-traced_perf
-mediaserver
} vendor_app_file:file r_file_perms;
')
full_treble_only(`
# Limit access to /vendor/overlay
neverallow {
coredomain
-appdomain
-idmap
-init
-installd
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
-system_server
-traced_perf
-app_zygote
-webview_zygote
-zygote
-heapprofd
} vendor_overlay_file:dir { getattr open read search };
')
full_treble_only(`
neverallow {
coredomain
-appdomain
-idmap
-init
-installd
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
-system_server
-traced_perf
-app_zygote
-webview_zygote
-zygote
-heapprofd
userdebug_or_eng(`-profcollectd')
userdebug_or_eng(`-simpleperf_boot')
} vendor_overlay_file:file open;
')
# Core domains are not permitted to use kernel interfaces which are not
# explicitly labeled.
# TODO(b/65643247): Apply these neverallow rules to all coredomain.
full_treble_only(`
# /proc
neverallow {
coredomain
-init
-vold
} proc:file no_rw_file_perms;
# /sys
neverallow {
coredomain
-apexd
-init
-ueventd
-vold
} sysfs:file no_rw_file_perms;
# /dev
neverallow {
coredomain
-apexd
-fsck
-init
-ueventd
} device:{ blk_file file } no_rw_file_perms;
# debugfs
neverallow {
coredomain
no_debugfs_restriction(`
-dumpstate
-init
-system_server
')
} debugfs:file no_rw_file_perms;
# tracefs
neverallow {
coredomain
-atrace
-dumpstate
-gpuservice
-init
-traced_perf
-traced_probes
-shell
-system_server
-traceur_app
userdebug_or_eng(`-profcollectd')
userdebug_or_eng(`-simpleperf_boot')
} debugfs_tracing:file no_rw_file_perms;
# inotifyfs
neverallow {
coredomain
-init
} inotify:file no_rw_file_perms;
# pstorefs
neverallow {
coredomain
-bootstat
-charger
-dumpstate
userdebug_or_eng(`-incidentd')
-init
-logd
-logpersist
-recovery_persist
-recovery_refresh
-shell
-system_server
} pstorefs:file no_rw_file_perms;
# configfs
neverallow {
coredomain
-init
-system_server
} configfs:file no_rw_file_perms;
# functionfs
neverallow {
coredomain
-adbd
-init
-mediaprovider
-system_server
} functionfs:file no_rw_file_perms;
# usbfs and binfmt_miscfs
neverallow {
coredomain
-init
}{ usbfs binfmt_miscfs }:file no_rw_file_perms;
# dmabuf heaps
neverallow {
coredomain
-init
-ueventd
}{
dmabuf_heap_device_type
-dmabuf_system_heap_device
-dmabuf_system_secure_heap_device
}:chr_file no_rw_file_perms;
')
# Following /dev nodes must not be directly accessed by coredomain, but should
# instead be wrapped by HALs.
neverallow coredomain {
iio_device
radio_device
}:chr_file { open read append write ioctl };
# TODO(b/120243891): HAL permission to tee_device is included into coredomain
# on non-Treble devices.
full_treble_only(`
neverallow coredomain tee_device:chr_file { open read append write ioctl };
')
Reference in a new issue View git blame Copy permalink