d4731ad8c7
Aside from the keystore daemon itself, only init needs any access to keystore_data_file (in order to create and potentially restorecon /data/misc/keystore). The exceptions for the kernel and recovery domains are unnecessary; no allow rule permits this access in current policy. Change-Id: I5cf6f29ec08174017ac8f5fb36fef166ce360ca0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
36 lines
1.2 KiB
Text
36 lines
1.2 KiB
Text
type keystore, domain;
|
|
type keystore_exec, exec_type, file_type;
|
|
|
|
# keystore daemon
|
|
init_daemon_domain(keystore)
|
|
typeattribute keystore mlstrustedsubject;
|
|
binder_use(keystore)
|
|
binder_service(keystore)
|
|
allow keystore keystore_data_file:dir create_dir_perms;
|
|
allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
|
|
allow keystore keystore_exec:file { getattr };
|
|
allow keystore tee_device:chr_file rw_file_perms;
|
|
allow keystore tee:unix_stream_socket connectto;
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
### Protect ourself from others
|
|
###
|
|
|
|
neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto };
|
|
neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relabelto getattr };
|
|
|
|
neverallow { domain -keystore -init } keystore_data_file:dir *;
|
|
neverallow { domain -keystore -init } keystore_data_file:notdevfile_class_set *;
|
|
|
|
neverallow domain keystore:process ptrace;
|
|
|
|
allow keystore keystore_service:service_manager add;
|
|
|
|
# Audited locally.
|
|
service_manager_local_audit_domain(keystore)
|
|
auditallow keystore { service_manager_type -keystore_service }:service_manager find;
|
|
|
|
# Check SELinux permissions.
|
|
selinux_check_access(keystore)
|