Add recovery_persist & recovery_refresh

am: 16fe52c9 * commit '16fe52c9': Add recovery_persist & recovery_refresh

Add recovery_persist & recovery_refresh
000c03b4 · Mark Salyzyn · android-build-merger · 47506854 · 16fe52c9 · 000c03b4
Commit 000c03b4 authored 9 years ago by Mark Salyzyn Committed by android-build-merger 9 years ago
--- a/file.te
+++ b/file.te
@@ -142,6 +142,7 @@ type misc_user_data_file, file_type, data_file_type;
 type net_data_file, file_type, data_file_type;
 type nfc_data_file, file_type, data_file_type;
 type radio_data_file, file_type, data_file_type, mlstrustedobject;
+type recovery_data_file, file_type, data_file_type;
 type shared_relro_file, file_type, data_file_type;
 type systemkeys_data_file, file_type, data_file_type;
 type vpn_data_file, file_type, data_file_type;

--- a/file_contexts
+++ b/file_contexts
@@ -181,6 +181,8 @@
 /system/bin/debuggerd	u:object_r:debuggerd_exec:s0
 /system/bin/debuggerd64	u:object_r:debuggerd_exec:s0
 /system/bin/wpa_supplicant	u:object_r:wpa_exec:s0
+/system/bin/recovery-persist     u:object_r:recovery_persist_exec:s0
+/system/bin/recovery-refresh     u:object_r:recovery_refresh_exec:s0
 /system/bin/sdcard      u:object_r:sdcardd_exec:s0
 /system/bin/dhcpcd      u:object_r:dhcp_exec:s0
 /system/bin/dhcpcd-6.8.2	u:object_r:dhcp_exec:s0
@@ -277,6 +279,7 @@
 /data/misc/logd(/.*)?           u:object_r:misc_logd_file:s0
 /data/misc/media(/.*)?          u:object_r:media_data_file:s0
 /data/misc/net(/.*)?            u:object_r:net_data_file:s0
+/data/misc/recovery(/.*)?       u:object_r:recovery_data_file:s0
 /data/misc/shared_relro(/.*)?   u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)?            u:object_r:radio_data_file:s0
 /data/misc/systemkeys(/.*)?     u:object_r:systemkeys_data_file:s0

--- a/recovery_persist.te
+++ b/recovery_persist.te
+# android recovery persistent log manager
+type recovery_persist, domain;
+type recovery_persist_exec, exec_type, file_type;
+init_daemon_domain(recovery_persist)
+allow recovery_persist pstorefs:dir search;
+allow recovery_persist pstorefs:file r_file_perms;
+allow recovery_persist recovery_data_file:file create_file_perms;
+allow recovery_persist recovery_data_file:dir create_dir_perms;
+###
+### Neverallow rules
+###
+### recovery_persist should NEVER do any of this
+# Block device access.
+neverallow recovery_persist dev_type:blk_file { read write };
+# ptrace any other app
+neverallow recovery_persist domain:process ptrace;
+# Write to /system.
+neverallow recovery_persist system_file:dir_file_class_set write;
+# Write to files in /data/data
+neverallow recovery_persist { app_data_file system_data_file }:dir_file_class_set write;
+# recovery_persist is not allowed to write anywhere other than recovery_data_file
+neverallow recovery_persist { file_type -recovery_data_file -recovery_persist_tmpfs userdebug_or_eng(`-coredump_file') }:file write;
--- a/recovery_refresh.te
+++ b/recovery_refresh.te
+# android recovery refresh log manager
+type recovery_refresh, domain;
+type recovery_refresh_exec, exec_type, file_type;
+init_daemon_domain(recovery_refresh)
+allow recovery_refresh pstorefs:dir search;
+allow recovery_refresh pstorefs:file r_file_perms;
+# NB: domain inherits write_logd which hands us write to pmsg_device
+###
+### Neverallow rules
+###
+### recovery_refresh should NEVER do any of this
+# Block device access.
+neverallow recovery_refresh dev_type:blk_file { read write };
+# ptrace any other app
+neverallow recovery_refresh domain:process ptrace;
+# Write to /system.
+neverallow recovery_refresh system_file:dir_file_class_set write;
+# Write to files in /data/data or system files on /data
+neverallow recovery_refresh { app_data_file system_data_file }:dir_file_class_set write;
+# recovery_refresh is not allowed to write anywhere
+neverallow recovery_refresh { file_type -recovery_refresh_tmpfs userdebug_or_eng(`-coredump_file') }:file write;