am 6843a793: am 8f81dcad: Only allow system_server to send commands to zygote.

* commit '6843a793': Only allow system_server to send commands to zygote.

am 6843a793: am 8f81dcad: Only allow system_server to send commands to zygote.
1193bdf4 · dcashman · Android Git Automerger · 3e616ee8 · 6843a793 · 1193bdf4
Commit 1193bdf4 authored 10 years ago by dcashman Committed by Android Git Automerger 10 years ago
--- a/access_vectors
+++ b/access_vectors
@@ -876,14 +876,6 @@ class binder
 	transfer
 }
-class zygote
-{
-	specifyids
-	specifyrlimits
-	specifyinvokewith
-	specifyseinfo
-}
 class property_service
 {
 	set

--- a/domain.te
+++ b/domain.te
@@ -344,6 +344,10 @@ neverallow {
  -dex2oat
 } dalvikcache_data_file:file no_w_file_perms;
+# Only system_server should be able to send commands via the zygote socket
+neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto;
+neverallow { domain -system_server } zygote_socket:sock_file write;
 # Android does not support System V IPCs.
 #
 # The reason for this is due to the fact that, by design, they lead to global

--- a/system_server.te
+++ b/system_server.te
@@ -300,9 +300,6 @@ allow system_server wpa_socket:sock_file unlink;
 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
 allow system_server system_ndebug_socket:sock_file create_file_perms;
-# Specify any arguments to zygote.
-allow system_server self:zygote { specifyids specifyrlimits specifyseinfo };
 # Manage cache files.
 allow system_server cache_file:dir { relabelfrom create_dir_perms };
 allow system_server cache_file:file { relabelfrom create_file_perms };