platform_system_sepolicy/private
Jiyong Park e95c704b6f Access to HALs from untrusted apps is blacklist-based
Before this change, access to HALs from untrusted apps was prohibited
except for the whitelisted ones like the gralloc HAL, the renderscript
HAL, etc. As a result, any HAL that is added by partners can't be
accessed from apps. This sometimes is a big restriction for them when
they want to access their own HALs in the same-process HALs running in
apps. Although this is a vendor-to-vendor communication and thus is not
a Treble violation, that was not allowed because their HALs are not in
the whitelist in AOSP.

This change fixes the problem by doing the access control in the
opposite way; access to HALs is restricted only for the blacklisted
ones.

All the hwservice contexts that were not in the whitelist are now put
on the blacklist.

This change also removes the neverallow rule for the binder access to
the halserverdomain types. This is not needed as the protected
hwservices living in the HAL processes are already not accessible; we
have a neverallow rule for preventing hwservice_manager from finding
those protected hwservices from untrusted apps.

Bug: 139645938
Test: m

Merged-In: I1e63c11143f56217eeec05e2288ae7c91e5fe585
(cherry picked from commit 580375c923)

Change-Id: I4e611091a315ca90e3c181f77dd6a5f61d3a6468
2019-09-06 14:10:38 +09:00
compat Merge "Root of /data belongs to init" 2019-08-29 23:10:42 -07:00
access_vectors update sepolicy for fs notification hooks 2019-08-27 15:31:59 -07:00
adbd.te Allow adb forward to traced consumer socket 2019-09-05 10:12:47 +00:00
apex_test_prepostinstall.te Sepolicy: Initial Apexd pre-/postinstall rules 2019-01-24 15:06:17 -08:00
apexd.te Allow apexd to stop itself 2019-06-13 09:45:05 +09:00
app.te revert ipmemorystore selinux policy. 2019-04-01 16:37:25 +09:00
app_neverallows.te Access to HALs from untrusted apps is blacklist-based 2019-09-06 14:10:38 +09:00
app_zygote.te Add rules for accessing the related bluetooth_audio_hal_prop 2019-03-20 03:12:25 +00:00
art_apex_boot_integrity.te Sepolicy: Allow everyone to search keyrings 2019-03-14 13:21:07 -07:00
art_apex_postinstall.te Sepolicy: Fix comment on apexd:fd use 2019-03-15 11:26:05 -07:00
art_apex_preinstall.te Sepolicy: Fix comment on apexd:fd use 2019-03-15 11:26:05 -07:00
asan_extract.te Sepolicy: Add ASAN-Extract 2017-04-05 13:09:29 -07:00
ashmemd.te sepolicy for ashmemd 2019-02-05 21:38:14 +00:00
atrace.te atrace: allow tracing of vibrator hal 2019-06-17 12:25:05 +09:00
audioserver.te Add rules for accessing the related bluetooth_audio_hal_prop am: e55a74bdff am: dd367bd058 2019-03-20 01:53:39 -07:00
auditctl.te Add policy for /system/bin/auditctl 2019-04-09 20:55:30 -07:00
binder_in_vendor_violators.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
binderservicedomain.te Move binderservicedomain policy to private 2017-02-08 09:09:39 -08:00
blank_screen.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
blkid.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
blkid_untrusted.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bluetooth.te Add rules for accessing the related bluetooth_audio_hal_prop 2019-03-20 03:12:25 +00:00
bluetoothdomain.te Move bluetoothdomain policy to private 2017-02-06 15:32:08 -08:00
bootanim.te Dontaudit denials caused by race with labeling. 2018-02-14 17:07:13 -08:00
bootstat.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bpfloader.te selinux - netd - tighten down bpf policy 2019-05-10 05:52:30 +00:00
bufferhubd.te Remove unused bufferhub sepolicy 2018-12-10 13:36:11 -08:00
bug_map Revert "Track usbd SELinux denial." 2019-07-14 21:05:41 -07:00
cameraserver.te Abstract use of cameraserver behind an attribute 2019-03-01 14:02:59 -08:00
charger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
clatd.te sepolicy - move public clatd to private 2019-05-11 17:47:25 -07:00
coredomain.te Remove perfprofd references. 2019-07-19 11:15:12 -07:00
cppreopts.te Sepolicy: Clean up moved files 2019-02-22 08:36:41 -08:00
crash_dump.te crash_dump: suppress devpts denials 2019-03-19 04:05:51 +00:00
dex2oat.te Allow otapreopt_chroot to use a flattened Runtime APEX package. 2019-03-19 14:44:22 +00:00
dexoptanalyzer.te Allow dexoptanalyzer to mmap files with Linux 4.14+ that it can already access. 2019-08-16 20:02:32 +01:00
dhcp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
dnsmasq.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
domain.te Merge changes from topic "use_generated_linkerconfig" 2019-08-14 02:47:24 -07:00
drmserver.te Tighten restrictions on core <-> vendor socket comms 2017-03-31 09:17:54 -07:00
dumpstate.te Remove perfprofd references. 2019-07-19 11:15:12 -07:00
ephemeral_app.te Remove mediacodec_service. 2019-08-21 01:19:20 +00:00
fastbootd.te Add sepolicy for fastbootd 2018-08-15 08:45:22 -07:00
file.te Add linker config generator and output file to sepolicy 2019-07-12 12:32:19 +09:00
file_contexts Split off ART rules for new ART APEX. 2019-09-02 03:46:11 -07:00
file_contexts_asan fix data/asan/product/lib(64) can't access by platform_app issue 2019-07-19 03:23:47 +00:00
file_contexts_overlayfs fs_mgr: add /mnt/scratch to possible overlayfs support directories 2018-10-08 14:23:01 +00:00
fingerprintd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
flags_health_check.te sepolicy for server configurable flags 2018-11-01 03:28:56 +00:00
fs_use fs_mgr: add overlayfs handling for squashfs system filesystems 2018-08-08 07:33:10 -07:00
fsck.te Allow access to the metadata partition for metadata encryption. 2018-01-19 14:45:08 -08:00
fsck_untrusted.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
fsverity_init.te sepolicy: dontaudit cap_sys_admin on userdebug/eng 2019-08-29 09:39:31 -07:00
fwk_bufferhub.te Allow bufferhub service to allocate buffer 2018-11-07 13:57:55 -08:00
gatekeeperd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
genfs_contexts Allow Traceur to record the suspend_resume trace event 2019-08-09 10:56:15 -07:00
gpuservice.te Allow dumpstate to dumpsys gpu 2019-05-09 23:15:49 -07:00
gsid.te Allow gsid to create and access loop devices. 2019-07-11 16:36:25 -07:00
hal_allocator_default.te sepolicy for ashmemd 2019-02-05 21:38:14 +00:00
halclientdomain.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
halserverdomain.te Allow hals to read hwservicemanager prop. 2017-03-23 01:50:50 +00:00
healthd.te healthd provides health@2.0 service. 2017-10-17 13:48:42 -07:00
heapprofd.te Relabel /proc/kpageflags and grant access to heapprofd. 2019-05-20 20:18:10 +01:00
hwservice_contexts Tuner Hal 1.0 Enable ITuner service 2019-08-14 11:22:09 -07:00
hwservicemanager.te Finer grained permissions for ctl. properties 2018-05-22 13:47:16 -07:00
idmap.te Add idmap2 and idmap2d 2018-11-15 14:42:10 +00:00
incident.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
incident_helper.te Allow dumpstate to dump incidentd 2018-12-04 15:42:56 -08:00
incidentd.te Add rules to dump hal traces 2019-06-20 00:31:03 +00:00
init.te Move /sbin/charger to /system/bin/charger. 2019-03-14 09:44:03 -07:00
initial_sid_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
initial_sids Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
inputflinger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
install_recovery.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
installd.te Merge "Move layout_version to /data/misc/installd" 2019-08-28 13:35:17 -07:00
iorapd.te iorapd: add tmpfs type 2019-01-26 12:55:13 -08:00
isolated_app.te Allow global read access to /sys/kernel/mm/transparent_hugepage/ 2019-03-13 23:47:25 +00:00
iw.te Allow iw to be run at init phase. 2018-11-14 19:10:12 +00:00
kernel.te Sepolicy: Move otapreopt_chroot to private 2019-03-18 10:54:42 -07:00
keys.conf Add MAINLINE_SEPOLICY_DEV_CERTIFICATES to keys.conf 2019-08-07 18:23:47 +09:00
keystore.te Allow Keystore to check security logging property. 2018-01-24 19:49:18 +00:00
linkerconfig.te Enable Kernel log from linkerconfig 2019-07-23 13:42:55 +09:00
llkd.te Add policy for apexd. 2018-10-04 07:06:45 +00:00
lmkd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
logd.te sepolicy: Permission changes for new wifi mainline module 2019-07-16 13:30:15 -07:00
logpersist.te Allow dumpstate to read /data/misc/logd always 2019-07-08 13:20:10 -07:00
lpdumpd.te super_block_device -> super_block_device_type 2019-03-28 18:08:19 +00:00
mac_permissions.xml sepolicy change for NetworkStack signature 2019-02-14 07:58:13 +09:00
mdnsd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediadrmserver.te update sepolicy for gralloc HAL 2017-03-30 14:43:35 -07:00
mediaextractor.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
mediametrics.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediaprovider.te Allow MediaProvider to host FUSE devices. 2019-08-07 19:00:15 +01:00
mediaserver.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
mediaswcodec.te add mediaswcodec service 2018-10-11 15:10:17 -07:00
migrate_legacy_obb_data.te sepolicy: Adjust policy for migrate_legacy_obb_data.sh 2019-07-16 02:55:25 +00:00
mls Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
mls_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
mls_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
modprobe.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mtp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
netd.te sepolicy - move public clatd to private 2019-05-11 17:47:25 -07:00
netutils_wrapper.te Sepolicy for netutils_wrapper to use binder call 2019-04-26 02:46:39 +00:00
network_stack.te Allow the netowrk stack to access its own data files. 2019-03-19 11:42:11 +09:00
nfc.te Remove mediacodec_service. 2019-08-21 01:19:20 +00:00
notify_traceur.te Allow the init process to execute the notify_traceur.sh script 2019-02-07 00:28:40 +00:00
otapreopt_chroot.te Sepolicy: Allow otapreopt to mount logical partitions 2019-03-22 12:13:05 -07:00
otapreopt_slot.te Sepolicy: Clean up moved files 2019-02-22 08:36:41 -08:00
perfetto.te Root of /data belongs to init 2019-08-29 15:08:21 -07:00
performanced.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
platform_app.te Remove mediacodec_service. 2019-08-21 01:19:20 +00:00
policy_capabilities Add nnp_nosuid_transition policycap and related class/perm definitions. 2018-09-07 10:52:31 -07:00
port_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
postinstall_dexopt.te Sepolicy: Allow otapreopt access to vendor overlay files 2019-03-22 12:13:53 -07:00
ppp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
preloads_copy.te Add sepolicy for preloads_copy script 2018-10-23 17:11:36 +01:00
preopt2cachename.te Sepolicy: Clean up moved files 2019-02-22 08:36:41 -08:00
priv_app.te Remove mediacodec_service. 2019-08-21 01:19:20 +00:00
profman.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
property_contexts Define sepolicy with property for linker 2019-08-14 12:35:15 +09:00
racoon.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
radio.te Add uce service to core policy. 2019-08-19 12:42:56 -07:00
recovery.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
recovery_persist.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
recovery_refresh.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
roles_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
rs.te rs.te: Allow ephemeral_app FD use 2019-04-02 13:59:39 -07:00
rss_hwm_reset.te SELinux policy for rss_hwm_reset 2018-12-15 10:13:03 +00:00
runas.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
runas_app.te allow runas_app untrusted_app_all:unix_stream_socket connectto 2019-02-08 11:35:50 -08:00
sdcardd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
seapp_contexts sepolicy: Permission changes for new wifi mainline module 2019-07-16 13:30:15 -07:00
secure_element.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
security_classes Update access_vectors 2018-11-01 19:53:50 -07:00
service.te Add uce service to core policy. 2019-08-19 12:42:56 -07:00
service_contexts Merge "Remove mediacodec_service." 2019-08-26 21:32:47 +00:00
servicemanager.te Allow servicemanager to start processes 2019-08-02 00:23:16 +00:00
sgdisk.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
shared_relro.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
shell.te Define sepolicy with property for linker 2019-08-14 12:35:15 +09:00
simpleperf_app_runner.te Add sepolicy for simpleperf_app_runner. 2019-01-23 23:23:09 +00:00
slideshow.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
stats.te Allowing sysui to access statsd. 2019-02-11 14:09:42 -08:00
statsd.te Allows StatsCompanionService to pipe data to statsd. 2019-05-23 20:35:34 +00:00
storaged.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
su.te SELinux policies for Perfetto cmdline client (/system/bin/perfetto) 2018-01-29 11:06:00 +00:00
surfaceflinger.te Merge "Give surfaceflinger permission to write perfetto traces" 2019-07-09 14:36:15 -07:00
system_app.te system_app: neverallow /data/local/tmp access 2019-09-05 09:24:41 -07:00
system_server.te Merge "Remove mediacodec_service." 2019-08-26 21:32:47 +00:00
system_server_startup.te system_server_startup: allow SIGCHLD to zygote 2019-06-14 16:56:05 -07:00
system_suspend.te system_suspend: remove /sys/power/wake_lock permissions 2019-07-26 11:13:05 -07:00
technical_debt.cil Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
tombstoned.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
toolbox.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
traced.te Root of /data belongs to init 2019-08-29 15:08:21 -07:00
traced_probes.te Root of /data belongs to init 2019-08-29 15:08:21 -07:00
traceur_app.te Allow the Traceur app to start Perfetto. 2018-12-10 18:51:29 -08:00
tzdatacheck.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ueventd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
uncrypt.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
untrusted_app.te Add untrusted_app_27 2018-04-03 12:25:51 -07:00
untrusted_app_25.te Deprecate /mnt/sdcard -> /storage/self/primary symlink. 2019-04-12 03:15:52 +00:00
untrusted_app_27.te Deprecate /mnt/sdcard -> /storage/self/primary symlink. 2019-04-12 03:15:52 +00:00
untrusted_app_all.te Remove mediacodec_service. 2019-08-21 01:19:20 +00:00
update_engine.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
update_engine_common.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_verifier.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
usbd.te usbd sepolicy 2018-01-20 03:41:21 +00:00
users Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vdc.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vendor_init.te Root of /data belongs to init 2019-08-29 15:08:21 -07:00
viewcompiler.te Give map permission to viewcompiler 2019-08-27 10:43:55 -07:00
virtual_touchpad.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vold.te Abolish calls to shell in vold 2018-11-30 16:02:04 -08:00
vold_prepare_subdirs.te sepolicy: Permission changes for new wifi mainline module 2019-07-16 13:30:15 -07:00
vr_hwc.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
wait_for_keymaster.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
watchdogd.te Move watchdogd out of init and into its own domain 2018-08-03 19:28:05 +00:00
webview_zygote.te Allow webview_zygote to read the /data/user/0 symlink. 2019-04-12 11:35:43 -04:00
wifi_stack.te sepolicy: Permission changes for new wifi mainline module 2019-07-16 13:30:15 -07:00
wificond.te SE Policy for Wifi Offload HAL 2017-05-18 09:49:55 -07:00
wpantund.te lowpan: Add wpantund to SEPolicy 2017-10-16 14:10:40 -07:00
zygote.te Allow zygote to create fds and map executable. 2019-06-17 20:18:23 +01:00