From 54e9bc4514bc29b29e5450828cdd8953163cb44c Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 4 Sep 2014 08:44:49 -0400
Subject: [PATCH] Dependencies for new goldfish service domains.

In order to support the new goldfish service domains introduced by the
build project change with the same Change-Id, we need the following
changes in external/sepolicy:
- /system/bin/logcat needs its own type so that it can be used as an
entrypoint for the goldfish-logcat service.  A neverallow rule prevents
us from allowing entrypoint to any type not in exec_type.
- The config. and dalvik. property namespaces need to be labeled
with something other than default_prop so that the qemu-props
service can set them.  A neverallow rule prevents us from allowing
qemu-props to set default_prop.

We allow rx_file_perms to logcat_exec for any domain that
was previously allowed read_logd() as many programs will read
the logs by running logcat.  We do not do this for all domains
as it would violate a neverallow rule on the kernel domain executing
any file without transitioning to another domain, and as we ultimately
want to apply the same restriction to the init domain (and possibly others).

Change-Id: Idce1fb5ed9680af84788ae69a5ace684c6663974
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 file.te           | 2 ++
 file_contexts     | 1 +
 property.te       | 2 ++
 property_contexts | 6 ++++++
 te_macros         | 3 ++-
 5 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/file.te b/file.te
index 1eb323e47..39b3d07ac 100644
--- a/file.te
+++ b/file.te
@@ -43,6 +43,8 @@ type usbfs, fs_type;
 type unlabeled, file_type;
 # Default type for anything under /system.
 type system_file, file_type;
+# Type for /system/bin/logcat.
+type logcat_exec, exec_type, file_type;
 # Default type for anything under /data.
 type system_data_file, file_type, data_file_type;
 # /data/.layout_version or other installd-created files that
diff --git a/file_contexts b/file_contexts
index 33ac8a3f6..aa1cee079 100644
--- a/file_contexts
+++ b/file_contexts
@@ -123,6 +123,7 @@
 # System files
 #
 /system(/.*)?		u:object_r:system_file:s0
+/system/bin/logcat	--	u:object_r:logcat_exec:s0
 /system/bin/sh		--	u:object_r:shell_exec:s0
 /system/bin/run-as	--	u:object_r:runas_exec:s0
 /system/bin/bootanimation u:object_r:bootanim_exec:s0
diff --git a/property.te b/property.te
index cfa3ec968..1a209e9a4 100644
--- a/property.te
+++ b/property.te
@@ -23,3 +23,5 @@ type bluetooth_prop, property_type;
 type pan_result_prop, property_type;
 type powerctl_prop, property_type;
 type nfc_prop, property_type;
+type dalvik_prop, property_type;
+type config_prop, property_type;
diff --git a/property_contexts b/property_contexts
index f89c43282..8403d382d 100644
--- a/property_contexts
+++ b/property_contexts
@@ -61,3 +61,9 @@ ctl.                    u:object_r:ctl_default_prop:s0
 
 # NFC properties
 nfc.                    u:object_r:nfc_prop:s0
+
+# These properties are not normally set by processes other than init.
+# They are only distinguished here for setting by qemu-props on the
+# emulator/goldfish.
+config.                 u:object_r:config_prop:s0
+dalvik.                 u:object_r:dalvik_prop:s0
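Review bot: Splitting config. and dalvik. out of default_prop means any domain that was relying on a `set` grant for default_prop to write these prefixes silently loses it, and the new comment does not say who the intended setters are. Suggest making the comment explicit about the expected setters so later grants on config_prop/dalvik_prop are not added casually, e.g. `# Only init and, on the emulator, qemu-props are expected to set these; do not grant set on config_prop/dalvik_prop elsewhere.` It is also worth confirming that no earlier, more general entry in this file shadows these prefixes under the backend's prefix matching, since only the ctl. and nfc. neighbours are visible in the hunk.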
diff --git a/te_macros b/te_macros
index e211a1794..016333eba 100644
--- a/te_macros
+++ b/te_macros
@@ -332,9 +332,10 @@ unix_socket_send($1, logdw, logd)
 
 #####################################
 # read_logd(domain)
-# Ability to read from android
+# Ability to run logcat and read from android
 # log daemon via sockets
 define(`read_logd', `
+allow $1 logcat_exec:file rx_file_perms;
 unix_socket_connect($1, logdr, logd)
 ')
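Review bot: The added `allow $1 logcat_exec:file rx_file_perms;` gives every read_logd() caller permission to execute logcat within its own domain (rx_file_perms in the global macros includes execute_no_trans, which is what makes this possible without an entrypoint rule — worth confirming against global_macros), but the updated header only says "run logcat". Spell out the no-transition aspect so future users of the macro know they are also granting exec-without-transition: `# Ability to run logcat (executed in the caller's own domain, no transition)` followed by the existing `# and read from android log daemon via sockets`. Since the macro is now broader than its name, a caller that only needs the logdr socket still receives execute permission on logcat_exec; if such a caller exists, a socket-only variant would keep that domain narrower. The define body is fully contained in this hunk.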
 
-- 
GitLab