Something went wrong on our end
Select Git revision
install_recovery.te
-
Stephen Smalley authoredDefine a specific block device type for system so that we can prevent raw writes to the system partition by anything other than recovery. Define a specific block device type for recovery so that we can prevent raw writes to the recovery partition by anything other than install_recovery or recovery. These types must be assigned to specific block device nodes via device-specific policy. This change merely defines the types, adds allow rules so that nothing will break when the types are assigned, and adds neverallow rules to prevent adding further allow rules on these types. This change does not remove access to the generic block_device type from any domain so nothing should break even on devices without these type assignments. Change-Id: Ie9c1f6d632f6e9e8cbba106f07f6b1979d2a3c4a Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>Stephen Smalley authoredDefine a specific block device type for system so that we can prevent raw writes to the system partition by anything other than recovery. Define a specific block device type for recovery so that we can prevent raw writes to the recovery partition by anything other than install_recovery or recovery. These types must be assigned to specific block device nodes via device-specific policy. This change merely defines the types, adds allow rules so that nothing will break when the types are assigned, and adds neverallow rules to prevent adding further allow rules on these types. This change does not remove access to the generic block_device type from any domain so nothing should break even on devices without these type assignments. Change-Id: Ie9c1f6d632f6e9e8cbba106f07f6b1979d2a3c4a Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>
surfaceflinger.te 1.67 KiB
# surfaceflinger - display compositor service
type surfaceflinger, domain;
permissive surfaceflinger;
type surfaceflinger_exec, exec_type, file_type;
init_daemon_domain(surfaceflinger)
typeattribute surfaceflinger mlstrustedsubject;
# Talk to init over the property socket.
unix_socket_connect(surfaceflinger, property, init)
# Perform Binder IPC.
binder_use(surfaceflinger)
binder_call(surfaceflinger, system_server)
binder_service(surfaceflinger)
# Access the GPU.
allow surfaceflinger gpu_device:chr_file rw_file_perms;
# Access /dev/graphics/fb0.
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;
# Access /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;
# Create and use netlink kobject uevent sockets.
allow surfaceflinger self:netlink_kobject_uevent_socket *;
# Set properties.
allow surfaceflinger system_prop:property_service set;
allow surfaceflinger ctl_default_prop:property_service set;
# Use open files supplied by an app.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger platform_app_data_file:file { read write };
allow surfaceflinger app_data_file:file { read write };
# Use open file provided by bootanim.
allow surfaceflinger bootanim:fd use;
# Allow a dumpstate triggered screenshot
binder_call(surfaceflinger, dumpstate)
binder_call(surfaceflinger, shell)
allow surfaceflinger shell_data_file:file write;
# Needed on some devices for playing DRM protected content,
# but seems expected and appropriate for all devices.
allow surfaceflinger tee:unix_stream_socket connectto;
allow surfaceflinger tee_device:chr_file rw_file_perms;