3e307a4de5
Same-process HALs are forbidden except for very specific HALs that have been provided and whitelisted by AOSP. As a result, a vendor extension HAL may have a need to be accessed by untrusted_app. This is still discouraged, and the existing AOSP hwservices are still forbidden, but remove the blanket prohibition. Also indicate that this is temporary, and that partners should expect to get exceptions to the rule into AOSP in the future. Bug: 62806062 Test: neverallow-only change builds. Verify new attribute is in policy. Change-Id: I6d3e659147d509a3503c2c9e0b6bb9016cc75832
291 lines
8.3 KiB
Text
291 lines
8.3 KiB
Text
######################################
|
|
# Attribute declarations
|
|
#
|
|
|
|
# All types used for devices.
|
|
# On change, update CHECK_FC_ASSERT_ATTRS
|
|
# in tools/checkfc.c
|
|
attribute dev_type;
|
|
|
|
# All types used for processes.
|
|
attribute domain;
|
|
|
|
# All types used for filesystems.
|
|
# On change, update CHECK_FC_ASSERT_ATTRS
|
|
# definition in tools/checkfc.c.
|
|
attribute fs_type;
|
|
|
|
# All types used for context= mounts.
|
|
attribute contextmount_type;
|
|
|
|
# All types used for files that can exist on a labeled fs.
|
|
# Do not use for pseudo file types.
|
|
# On change, update CHECK_FC_ASSERT_ATTRS
|
|
# definition in tools/checkfc.c.
|
|
attribute file_type;
|
|
|
|
# All types used for domain entry points.
|
|
attribute exec_type;
|
|
|
|
# All types used for /data files.
|
|
attribute data_file_type;
|
|
# All types in /data, not in /data/vendor
|
|
attribute core_data_file_type;
|
|
# All types in /vendor
|
|
attribute vendor_file_type;
|
|
|
|
# All types use for sysfs files.
|
|
attribute sysfs_type;
|
|
|
|
# All types use for debugfs files.
|
|
attribute debugfs_type;
|
|
|
|
# Attribute used for all sdcards
|
|
attribute sdcard_type;
|
|
|
|
# All types used for nodes/hosts.
|
|
attribute node_type;
|
|
|
|
# All types used for network interfaces.
|
|
attribute netif_type;
|
|
|
|
# All types used for network ports.
|
|
attribute port_type;
|
|
|
|
# All types used for property service
|
|
# On change, update CHECK_PC_ASSERT_ATTRS
|
|
# definition in tools/checkfc.c.
|
|
attribute property_type;
|
|
|
|
# All properties defined in core SELinux policy. Should not be
|
|
# used by device specific properties
|
|
attribute core_property_type;
|
|
|
|
# All properties used to configure log filtering.
|
|
attribute log_property_type;
|
|
|
|
# All service_manager types created by system_server
|
|
attribute system_server_service;
|
|
|
|
# services which should be available to all but isolated apps
|
|
attribute app_api_service;
|
|
|
|
# services which should be available to all ephemeral apps
|
|
attribute ephemeral_app_api_service;
|
|
|
|
# services which export only system_api
|
|
attribute system_api_service;
|
|
|
|
# All types used for services managed by servicemanager.
|
|
# On change, update CHECK_SC_ASSERT_ATTRS
|
|
# definition in tools/checkfc.c.
|
|
attribute service_manager_type;
|
|
|
|
# All types used for services managed by hwservicemanager
|
|
attribute hwservice_manager_type;
|
|
|
|
# All HwBinder services guaranteed to be passthrough. These services always run
|
|
# in the process of their clients, and thus operate with the same access as
|
|
# their clients.
|
|
attribute same_process_hwservice;
|
|
|
|
# All HwBinder services guaranteed to be offered only by core domain components
|
|
attribute coredomain_hwservice;
|
|
|
|
# All types used for services managed by vndservicemanager
|
|
attribute vndservice_manager_type;
|
|
|
|
|
|
# All domains that can override MLS restrictions.
|
|
# i.e. processes that can read up and write down.
|
|
attribute mlstrustedsubject;
|
|
|
|
# All types that can override MLS restrictions.
|
|
# i.e. files that can be read by lower and written by higher
|
|
attribute mlstrustedobject;
|
|
|
|
# All domains used for apps.
|
|
attribute appdomain;
|
|
|
|
# All third party apps.
|
|
attribute untrusted_app_all;
|
|
|
|
# All domains used for apps with network access.
|
|
attribute netdomain;
|
|
|
|
# All domains used for apps with bluetooth access.
|
|
attribute bluetoothdomain;
|
|
|
|
# All domains used for binder service domains.
|
|
attribute binderservicedomain;
|
|
|
|
# update_engine related domains that need to apply an update and run
|
|
# postinstall. This includes the background daemon and the sideload tool from
|
|
# recovery for A/B devices.
|
|
attribute update_engine_common;
|
|
|
|
# All core domains (as opposed to vendor/device-specific domains)
|
|
attribute coredomain;
|
|
|
|
# All socket devices owned by core domain components
|
|
attribute coredomain_socket;
|
|
|
|
# All vendor domains which violate the requirement of not using Binder
|
|
# TODO(b/35870313): Remove this once there are no violations
|
|
attribute binder_in_vendor_violators;
|
|
|
|
# All vendor domains which violate the requirement of not using sockets for
|
|
# communicating with core components
|
|
# TODO(b/36577153): Remove this once there are no violations
|
|
attribute socket_between_core_and_vendor_violators;
|
|
|
|
# All vendor domains which violate the requirement of not executing
|
|
# system processes
|
|
# TODO(b/36463595)
|
|
attribute vendor_executes_system_violators;
|
|
|
|
# hwservices that are accessible from untrusted applications
|
|
# WARNING: Use of this attribute should be avoided unless
|
|
# absolutely necessary. It is a temporary allowance to aid the
|
|
# transition to treble and will be removed in a future platform
|
|
# version, requiring all hwservices that are labeled with this
|
|
# attribute to be submitted to AOSP in order to maintain their
|
|
# app-visibility.
|
|
attribute untrusted_app_visible_hwservice;
|
|
|
|
# PDX services
|
|
attribute pdx_endpoint_dir_type;
|
|
attribute pdx_endpoint_socket_type;
|
|
attribute pdx_channel_socket_type;
|
|
|
|
pdx_service_attributes(display_client)
|
|
pdx_service_attributes(display_manager)
|
|
pdx_service_attributes(display_screenshot)
|
|
pdx_service_attributes(display_vsync)
|
|
pdx_service_attributes(performance_client)
|
|
pdx_service_attributes(bufferhub_client)
|
|
|
|
# All HAL servers
|
|
attribute halserverdomain;
|
|
# All HAL clients
|
|
attribute halclientdomain;
|
|
|
|
# HALs
|
|
attribute hal_allocator;
|
|
attribute hal_allocator_client;
|
|
attribute hal_allocator_server;
|
|
attribute hal_audio;
|
|
attribute hal_audio_client;
|
|
attribute hal_audio_server;
|
|
attribute hal_bluetooth;
|
|
attribute hal_bluetooth_client;
|
|
attribute hal_bluetooth_server;
|
|
attribute hal_bootctl;
|
|
attribute hal_bootctl_client;
|
|
attribute hal_bootctl_server;
|
|
attribute hal_camera;
|
|
attribute hal_camera_client;
|
|
attribute hal_camera_server;
|
|
attribute hal_configstore;
|
|
attribute hal_configstore_client;
|
|
attribute hal_configstore_server;
|
|
attribute hal_contexthub;
|
|
attribute hal_contexthub_client;
|
|
attribute hal_contexthub_server;
|
|
attribute hal_drm;
|
|
attribute hal_drm_client;
|
|
attribute hal_drm_server;
|
|
attribute hal_dumpstate;
|
|
attribute hal_dumpstate_client;
|
|
attribute hal_dumpstate_server;
|
|
attribute hal_fingerprint;
|
|
attribute hal_fingerprint_client;
|
|
attribute hal_fingerprint_server;
|
|
attribute hal_gatekeeper;
|
|
attribute hal_gatekeeper_client;
|
|
attribute hal_gatekeeper_server;
|
|
attribute hal_gnss;
|
|
attribute hal_gnss_client;
|
|
attribute hal_gnss_server;
|
|
attribute hal_graphics_allocator;
|
|
attribute hal_graphics_allocator_client;
|
|
attribute hal_graphics_allocator_server;
|
|
attribute hal_graphics_composer;
|
|
attribute hal_graphics_composer_client;
|
|
attribute hal_graphics_composer_server;
|
|
attribute hal_health;
|
|
attribute hal_health_client;
|
|
attribute hal_health_server;
|
|
attribute hal_ir;
|
|
attribute hal_ir_client;
|
|
attribute hal_ir_server;
|
|
attribute hal_keymaster;
|
|
attribute hal_keymaster_client;
|
|
attribute hal_keymaster_server;
|
|
attribute hal_light;
|
|
attribute hal_light_client;
|
|
attribute hal_light_server;
|
|
attribute hal_memtrack;
|
|
attribute hal_memtrack_client;
|
|
attribute hal_memtrack_server;
|
|
attribute hal_nfc;
|
|
attribute hal_nfc_client;
|
|
attribute hal_nfc_server;
|
|
attribute hal_oemlock;
|
|
attribute hal_oemlock_client;
|
|
attribute hal_oemlock_server;
|
|
attribute hal_power;
|
|
attribute hal_power_client;
|
|
attribute hal_power_server;
|
|
attribute hal_sensors;
|
|
attribute hal_sensors_client;
|
|
attribute hal_sensors_server;
|
|
attribute hal_telephony;
|
|
attribute hal_telephony_client;
|
|
attribute hal_telephony_server;
|
|
attribute hal_tetheroffload;
|
|
attribute hal_tetheroffload_client;
|
|
attribute hal_tetheroffload_server;
|
|
attribute hal_thermal;
|
|
attribute hal_thermal_client;
|
|
attribute hal_thermal_server;
|
|
attribute hal_tv_cec;
|
|
attribute hal_tv_cec_client;
|
|
attribute hal_tv_cec_server;
|
|
attribute hal_tv_input;
|
|
attribute hal_tv_input_client;
|
|
attribute hal_tv_input_server;
|
|
attribute hal_usb;
|
|
attribute hal_usb_client;
|
|
attribute hal_usb_server;
|
|
attribute hal_vibrator;
|
|
attribute hal_vibrator_client;
|
|
attribute hal_vibrator_server;
|
|
attribute hal_vr;
|
|
attribute hal_vr_client;
|
|
attribute hal_vr_server;
|
|
attribute hal_weaver;
|
|
attribute hal_weaver_client;
|
|
attribute hal_weaver_server;
|
|
attribute hal_wifi;
|
|
attribute hal_wifi_client;
|
|
attribute hal_wifi_server;
|
|
attribute hal_wifi_keystore;
|
|
attribute hal_wifi_keystore_client;
|
|
attribute hal_wifi_keystore_server;
|
|
attribute hal_wifi_offload;
|
|
attribute hal_wifi_offload_client;
|
|
attribute hal_wifi_offload_server;
|
|
attribute hal_wifi_supplicant;
|
|
attribute hal_wifi_supplicant_client;
|
|
attribute hal_wifi_supplicant_server;
|
|
|
|
# HwBinder services offered across the core-vendor boundary
|
|
#
|
|
# We annotate server domains with x_server to loosen the coupling between
|
|
# system and vendor images. For example, it should be possible to move a service
|
|
# from one core domain to another, without having to update the vendor image
|
|
# which contains clients of this service.
|
|
|
|
attribute display_service_server;
|
|
attribute wifi_keystore_service_server;
|