e6da3b80d1
Manual testing protocol: * Verify prng_seeder daemon is running and has the correct label (via ps -Z) * Verify prng_seeder socket present and has correct label (via ls -Z) * Verify no SELinux denials * strace a libcrypto process and verify it reads seeding data from prng_seeder (e.g. strace bssl rand -hex 1024) * strace seeder daemon to observe incoming connections (e.g. strace -f -p `pgrep prng_seeder`) * Kill daemon, observe that init restarts it * strace again and observe clients now seed from new instance Bug: 243933553 Test: Manual - see above Change-Id: I0a7e339115a2cf6b819730dcf5f8b189a339c57d
17 lines
898 B
Text
17 lines
898 B
Text
# PRNG seeder daemon
|
|
# Started from early init, maintains a FIPS approved DRBG which it periodically reseeds from
|
|
# /dev/hw_random. When BoringSSL (libcrypto) in other processes needs seeding data for its
|
|
# internal DRBGs it will connect to /dev/socket/prng_seeder and the daemon will write a
|
|
# fixed size block of entropy then disconnect. No other IO is performed.
|
|
typeattribute prng_seeder coredomain;
|
|
|
|
# mlstrustedsubject required in order to allow connections from trusted app domains.
|
|
typeattribute prng_seeder mlstrustedsubject;
|
|
|
|
type prng_seeder_exec, system_file_type, exec_type, file_type;
|
|
init_daemon_domain(prng_seeder)
|
|
|
|
# Socket open and listen are performed by init.
|
|
allow prng_seeder prng_seeder:unix_stream_socket { read write getattr accept };
|
|
allow prng_seeder hw_random_device:chr_file { read open };
|
|
allow prng_seeder kmsg_debug_device:chr_file { w_file_perms getattr ioctl };
|