336d0fed4e
I took current AOSP policy as base, then removed sepolicy so that the set of type and attributes was a subset of types and attributes in Q sepolicy, with exception of those that have not yet been cleand up in current AOSP: mediaswcodec_server netd_socket mediaextractor_update_service thermalserviced thermalserviced_exec Bug: 133196056 Test: n/a Change-Id: I863429d61d3fad0272c1d3f1e429cd997513a74a Merged-In: I3e091652fa8d1757b1f71f7559186d5b32f000d5
80 lines
3.2 KiB
Text
80 lines
3.2 KiB
Text
# ueventd seclabel is specified in init.rc since
|
|
# it lives in the rootfs and has no unique file type.
|
|
type ueventd, domain;
|
|
type ueventd_tmpfs, file_type;
|
|
|
|
# Write to /dev/kmsg.
|
|
allow ueventd kmsg_device:chr_file rw_file_perms;
|
|
|
|
allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override dac_read_search fowner };
|
|
allow ueventd device:file create_file_perms;
|
|
|
|
r_dir_file(ueventd, rootfs)
|
|
|
|
# ueventd needs write access to files in /sys to regenerate uevents
|
|
allow ueventd sysfs_type:file w_file_perms;
|
|
r_dir_file(ueventd, sysfs_type)
|
|
allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr };
|
|
allow ueventd sysfs_type:dir { relabelfrom relabelto setattr };
|
|
allow ueventd tmpfs:chr_file rw_file_perms;
|
|
allow ueventd dev_type:dir create_dir_perms;
|
|
allow ueventd dev_type:lnk_file { create unlink };
|
|
allow ueventd dev_type:chr_file { getattr create setattr unlink };
|
|
allow ueventd dev_type:blk_file { getattr relabelfrom relabelto create setattr unlink };
|
|
allow ueventd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
|
allow ueventd efs_file:dir search;
|
|
allow ueventd efs_file:file r_file_perms;
|
|
|
|
# Get SELinux enforcing status.
|
|
r_dir_file(ueventd, selinuxfs)
|
|
|
|
# Access for /vendor/ueventd.rc and /vendor/firmware
|
|
r_dir_file(ueventd, { vendor_file_type -vendor_app_file -vendor_overlay_file })
|
|
|
|
# Get file contexts for new device nodes
|
|
allow ueventd file_contexts_file:file r_file_perms;
|
|
|
|
# Use setfscreatecon() to label /dev directories and files.
|
|
allow ueventd self:process setfscreate;
|
|
|
|
# Allow ueventd to read androidboot.android_dt_dir from kernel cmdline.
|
|
allow ueventd proc_cmdline:file r_file_perms;
|
|
|
|
# Everything is labeled as rootfs in recovery mode. ueventd has to execute
|
|
# the dynamic linker and shared libraries.
|
|
recovery_only(`
|
|
allow ueventd rootfs:file { r_file_perms execute };
|
|
')
|
|
|
|
# Suppress denials for ueventd to getattr /postinstall. This occurs when the
|
|
# linker tries to resolve paths in ld.config.txt.
|
|
dontaudit ueventd postinstall_mnt_dir:dir getattr;
|
|
|
|
# ueventd loads modules in response to modalias events.
|
|
allow ueventd self:global_capability_class_set sys_module;
|
|
allow ueventd vendor_file:system module_load;
|
|
allow ueventd kernel:key search;
|
|
|
|
# ueventd is using bootstrap bionic
|
|
allow ueventd system_bootstrap_lib_file:dir r_dir_perms;
|
|
allow ueventd system_bootstrap_lib_file:file { execute read open getattr map };
|
|
|
|
#####
|
|
##### neverallow rules
|
|
#####
|
|
|
|
# ueventd must never set properties, otherwise deadlocks may occur.
|
|
# https://android-review.googlesource.com/#/c/133120/6/init/devices.cpp@941
|
|
# No writing to the property socket, connecting to init, or setting properties.
|
|
neverallow ueventd property_socket:sock_file write;
|
|
neverallow ueventd init:unix_stream_socket connectto;
|
|
neverallow ueventd property_type:property_service set;
|
|
|
|
# Restrict ueventd access on block devices to maintenence operations.
|
|
neverallow ueventd dev_type:blk_file ~{ getattr relabelfrom relabelto create setattr unlink };
|
|
|
|
# Only relabelto as we would never want to relabelfrom port_device
|
|
neverallow ueventd port_device:chr_file ~{ getattr create setattr unlink relabelto };
|
|
|
|
# Nobody should be able to ptrace ueventd
|
|
neverallow * ueventd:process ptrace;
|