tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/su.te
Inseob Kim 75806ef3c5 Minimize public policy 
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.

Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
           <(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
      to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
2024-03-28 00:33:46 +00:00

134 lines
5 KiB
Text
Raw Blame History

userdebug_or_eng(`
typeattribute su coredomain;
domain_auto_trans(shell, su_exec, su)
# Allow dumpstate to call su on userdebug / eng builds to collect
# additional information.
domain_auto_trans(dumpstate, su_exec, su)
# Make sure that dumpstate runs the same from the "su" domain as
# from the "init" domain.
domain_auto_trans(su, dumpstate_exec, dumpstate)
# Put the incident command into its domain so it is the same on user, userdebug and eng.
domain_auto_trans(su, incident_exec, incident)
# Put the odrefresh command into its domain.
domain_auto_trans(su, odrefresh_exec, odrefresh)
# Put the perfetto command into its domain so it is the same on user, userdebug and eng.
domain_auto_trans(su, perfetto_exec, perfetto)
# Allow accessing virtualization (e.g. via the vm command) - ensures virtmgr runs in its
# own domain.
virtualizationservice_use(su)
# su is also permissive to permit setenforce.
permissive su;
app_domain(su)
# Do not audit accesses to keystore2 namespace for the su domain.
dontaudit su keystore2_key_type:{ keystore2 keystore2_key } *;
typeattribute su mlstrustedsubject;
# Add su to various domains
net_domain(su)
# grant su access to vndbinder
vndbinder_use(su)
dontaudit su self:capability_class_set *;
dontaudit su self:capability2 *;
dontaudit su kernel:security *;
dontaudit su { kernel file_type }:system *;
dontaudit su self:memprotect *;
dontaudit su domain:anon_inode *;
dontaudit su domain:{ process process2 } *;
dontaudit su domain:fd *;
dontaudit su domain:dir *;
dontaudit su domain:lnk_file *;
dontaudit su domain:{ fifo_file file } *;
dontaudit su domain:socket_class_set *;
dontaudit su domain:ipc_class_set *;
dontaudit su domain:key *;
dontaudit su {fs_type fusefs_type}:filesystem *;
dontaudit su {fs_type dev_type file_type}:dir_file_class_set *;
dontaudit su node_type:node *;
dontaudit su node_type:{ tcp_socket udp_socket rawip_socket } *;
dontaudit su netif_type:netif *;
dontaudit su port_type:socket_class_set *;
dontaudit su port_type:{ tcp_socket dccp_socket } *;
dontaudit su domain:peer *;
dontaudit su domain:binder *;
dontaudit su property_type:property_service *;
dontaudit su property_type:file *;
dontaudit su service_manager_type:service_manager *;
dontaudit su hwservice_manager_type:hwservice_manager *;
dontaudit su vndservice_manager_type:service_manager *;
dontaudit su servicemanager:service_manager list;
dontaudit su hwservicemanager:hwservice_manager list;
dontaudit su vndservicemanager:service_manager list;
dontaudit su keystore:keystore2 *;
dontaudit su domain:drmservice *;
dontaudit su unlabeled:filesystem *;
dontaudit su postinstall_file:filesystem *;
dontaudit su domain:bpf *;
dontaudit su unlabeled:vsock_socket *;
dontaudit su self:perf_event *;
# VTS tests run in the permissive su domain on debug builds, but the HALs
# being tested run in enforcing mode. Because hal_foo_server is enforcing
# su needs to be declared as hal_foo_client to grant hal_foo_server
# permission to interact with it.
typeattribute su halclientdomain;
typeattribute su hal_allocator_client;
typeattribute su hal_atrace_client;
typeattribute su hal_audio_client;
typeattribute su hal_authsecret_client;
typeattribute su hal_bluetooth_client;
typeattribute su hal_bootctl_client;
typeattribute su hal_camera_client;
typeattribute su hal_configstore_client;
typeattribute su hal_confirmationui_client;
typeattribute su hal_contexthub_client;
typeattribute su hal_drm_client;
typeattribute su hal_cas_client;
typeattribute su hal_dumpstate_client;
typeattribute su hal_fingerprint_client;
typeattribute su hal_gatekeeper_client;
typeattribute su hal_gnss_client;
typeattribute su hal_graphics_allocator_client;
typeattribute su hal_graphics_composer_client;
typeattribute su hal_health_client;
typeattribute su hal_input_classifier_client;
typeattribute su hal_ir_client;
typeattribute su hal_keymaster_client;
typeattribute su hal_light_client;
typeattribute su hal_memtrack_client;
typeattribute su hal_neuralnetworks_client;
typeattribute su hal_nfc_client;
typeattribute su hal_oemlock_client;
typeattribute su hal_power_client;
typeattribute su hal_rebootescrow_client;
typeattribute su hal_secretkeeper_client;
typeattribute su hal_secure_element_client;
typeattribute su hal_sensors_client;
typeattribute su hal_telephony_client;
typeattribute su hal_tetheroffload_client;
typeattribute su hal_thermal_client;
typeattribute su hal_tv_cec_client;
typeattribute su hal_tv_hdmi_cec_client;
typeattribute su hal_tv_hdmi_connection_client;
typeattribute su hal_tv_hdmi_earc_client;
typeattribute su hal_tv_input_client;
typeattribute su hal_tv_tuner_client;
typeattribute su hal_usb_client;
typeattribute su hal_vibrator_client;
typeattribute su hal_vr_client;
typeattribute su hal_weaver_client;
typeattribute su hal_wifi_client;
typeattribute su hal_wifi_hostapd_client;
typeattribute su hal_wifi_supplicant_client;
')
Reference in a new issue View git blame Copy permalink