Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
A
AndroidSystemSEPolicy
Manage
Activity
Members
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Container registry
Model registry
Analyze
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Werner Sembach
AndroidSystemSEPolicy
Commits
25ed8fa3
Commit
25ed8fa3
authored
10 years ago
by
Elliott Hughes
Committed by
Android Git Automerger
10 years ago
Browse files
Options
Downloads
Plain Diff
am
f17bbab7
: am
ecd57731
: Merge "SELinux policy changes for re-execing init."
* commit '
f17bbab7
': SELinux policy changes for re-execing init.
parents
2d425de9
f17bbab7
Branches
Branches containing commit
Tags
Tags containing commit
No related merge requests found
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
domain.te
+2
-1
2 additions, 1 deletion
domain.te
file_contexts
+1
-1
1 addition, 1 deletion
file_contexts
init.te
+23
-6
23 additions, 6 deletions
init.te
kernel.te
+7
-21
7 additions, 21 deletions
kernel.te
with
33 additions
and
29 deletions
domain.te
+
2
−
1
View file @
25ed8fa3
...
...
@@ -299,7 +299,8 @@ neverallow { domain -init } property_data_file:file no_w_file_perms;
# Only recovery should be doing writes to /system
neverallow { domain -recovery } { system_file exec_type }:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
{ create write setattr relabelfrom append unlink link rename };
neverallow { domain -recovery -kernel } { system_file exec_type }:dir_file_class_set relabelto;
# Don't allow mounting on top of /system files or directories
neverallow domain { system_file exec_type }:dir_file_class_set mounton;
...
...
This diff is collapsed.
Click to expand it.
file_contexts
+
1
−
1
View file @
25ed8fa3
...
...
@@ -12,7 +12,7 @@
# Executables
/charger u:object_r:rootfs:s0
/init u:object_r:
rootfs
:s0
/init u:object_r:
init_exec
:s0
/sbin(/.*)? u:object_r:rootfs:s0
# Empty directories
...
...
This diff is collapsed.
Click to expand it.
init.te
+
23
−
6
View file @
25ed8fa3
# init
switches to init domain (via init.rc)
.
# init
is its own domain
.
type init, domain, mlstrustedsubject;
tmpfs_domain(init)
# The init domain is entered by execing init.
type init_exec, exec_type, file_type;
# /dev/__null__ node created by init.
allow init tmpfs:chr_file create_file_perms;
#
# init direct restorecon calls.
#
# /dev/socket
allow init { device socket_device }:dir relabelto;
# /dev/__properties__
allow init tmpfs:file relabelfrom;
allow init properties_device:file relabelto;
# setrlimit
allow init self:capability sys_resource;
...
...
@@ -30,6 +45,8 @@ allow init self:capability sys_admin;
allow init rootfs:dir create_dir_perms;
allow init rootfs:dir mounton;
allow init proc:dir mounton;
# Mount on /dev/usb-ffs/adb.
allow init device:dir mounton;
...
...
@@ -144,8 +161,8 @@ recovery_only(`
domain_trans(init, rootfs, recovery)
')
domain_trans(init, shell_exec, shell)
domain_trans(init,
rootfs
, ueventd)
domain_trans(init,
rootfs
, watchdogd)
domain_trans(init,
init_exec
, ueventd)
domain_trans(init,
init_exec
, watchdogd)
# Support "adb shell stop"
allow init self:capability kill;
...
...
@@ -257,9 +274,9 @@ unix_socket_connect(init, vold, vold)
# The init domain is only entered via setcon from the kernel domain,
# never via an exec-based transition.
neverallow
{
domain
-kernel}
init:process dyntransition;
neverallow domain init:process transition;
neverallow init { file_type fs_type }:file entrypoint;
neverallow domain init:process dyntransition;
neverallow
{
domain
-kernel}
init:process transition;
neverallow init { file_type fs_type
-init_exec
}:file entrypoint;
# Never read/follow symlinks created by shell or untrusted apps.
neverallow init shell_data_file:lnk_file read;
...
...
This diff is collapsed.
Click to expand it.
kernel.te
+
7
−
21
View file @
25ed8fa3
...
...
@@ -3,15 +3,11 @@ type kernel, domain, mlstrustedsubject;
allow kernel self:capability sys_nice;
# Run /init before we have switched domains.
allow kernel rootfs:file execute_no_trans;
# /dev/__null__ node created by init prior to policy load.
allow kernel tmpfs:chr_file rw_file_perms;
# setcon to init domain.
allow kernel self:process setcurrent;
allow kernel init:process dyntransition;
# Allow init relabel itself.
allow kernel rootfs:file relabelfrom;
allow kernel init_exec:file relabelto;
# TODO: investigate why we need this.
allow kernel init:process share;
# cgroup filesystem initialization prior to setting the cgroup root directory label.
allow kernel unlabeled:dir search;
...
...
@@ -20,18 +16,6 @@ allow kernel unlabeled:dir search;
allow kernel usbfs:filesystem mount;
allow kernel usbfs:dir search;
# init direct restorecon calls prior to switching to init domain
# /dev and /dev/socket
allow kernel tmpfs:dir relabelfrom;
allow kernel { device socket_device }:dir relabelto;
# /dev/__properties__
allow kernel tmpfs:file relabelfrom;
allow kernel properties_device:file relabelto;
# /sys
allow kernel sysfs:{ dir file lnk_file } relabelfrom;
allow kernel sysfs_type:{ dir file lnk_file } relabelto;
allow kernel sysfs_type:dir r_dir_perms;
# Initial setenforce by init prior to switching to init domain.
# We use dontaudit instead of allow to prevent a kernel spawned userspace
# process from turning off SELinux once enabled.
...
...
@@ -58,6 +42,8 @@ allow kernel vold:fd use;
allow kernel app_data_file:file read;
allow kernel asec_image_file:file read;
domain_auto_trans(kernel, init_exec, init)
###
### neverallow rules
###
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
