From 9e7a5b0a7cd5a17b44d9682c5a16ae2119ad2c94 Mon Sep 17 00:00:00 2001
From: Max Bires <jbires@google.com>
Date: Mon, 9 Jan 2017 14:57:03 -0800
Subject: [PATCH] Auditing init and ueventd access to chr device files.

It seems likely that there is no reason to keep around a number of
devices that are configured to be included into the pixel kernels. Init
and ueventd should be the only processes with r/w access to these
devices, so auditallow rules have been added to verify that they aren't
actually used.

/dev/keychord was given its own type since it's one of the few character
devices that's actually legitimately used and would cause log spam in
the auditallow otherwise.

Bug: 33347297
Test: The phone boots without any apparent log spam.

Change-Id: I3dd9557df8a9218b8c802e33ff549d15849216fb
---
 private/file_contexts | 1 +
 public/device.te      | 1 +
 public/init.te        | 6 +++---
 public/ueventd.te     | 2 ++
 4 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/private/file_contexts b/private/file_contexts
index 4d2464a32..4d35a177b 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -83,6 +83,7 @@
 /dev/input(/.*)		u:object_r:input_device:s0
 /dev/iio:device[0-9]+   u:object_r:iio_device:s0
 /dev/ion		u:object_r:ion_device:s0
+/dev/keychord   u:object_r:keychord_device:s0
 /dev/kmem		u:object_r:kmem_device:s0
 /dev/log(/.*)?		u:object_r:log_device:s0
 /dev/mem		u:object_r:kmem_device:s0
diff --git a/public/device.te b/public/device.te
index 6866330c1..633515fe9 100644
--- a/public/device.te
+++ b/public/device.te
@@ -10,6 +10,7 @@ type hwbinder_device, dev_type, mlstrustedobject;
 type block_device, dev_type;
 type camera_device, dev_type;
 type dm_device, dev_type;
+type keychord_device, dev_type;
 type loop_device, dev_type;
 type pmsg_device, dev_type, mlstrustedobject;
 type radio_device, dev_type;
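Review bot: `keychord_device` is introduced with no neverallow bounding which domains may open it; the only grant visible in this patch is the one to init. If init is meant to be the sole user, consider pinning that next to the grant in init.te, along the lines of `neverallow { domain -init } keychord_device:chr_file { open read write };`. The exact exclusion set needs checking against ueventd and any existing `dev_type`-wide rules, which are not visible here. Because the type is declared under public/, it is presumably also exposed to non-platform policy, so the restriction is easier to add now than after other policy starts referencing it.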
diff --git a/public/init.te b/public/init.te
index 528c6b8f0..c858f8f0a 100644
--- a/public/init.te
+++ b/public/init.te
@@ -308,13 +308,13 @@ allow init hw_random_device:chr_file r_file_perms;
 allow init device:file create_file_perms;
 
 # Access character devices without a specific type,
-# e.g. /dev/keychord.
-# TODO: Move these devices into their own type unless they
-# are only ever accessed by init.
+# TODO: Remove this access and auditallow (b/33347297)
 allow init device:chr_file { rw_file_perms setattr };
+auditallow init device:chr_file { rw_file_perms setattr };
 
 # keychord configuration
 allow init self:capability sys_tty_config;
+allow init keychord_device:chr_file rw_file_perms;
 
 # Access device mapper for setting up dm-verity
 allow init dm_device:chr_file rw_file_perms;
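Review bot: The comment above the `device:chr_file` rule now ends on a dangling comma, because the `e.g. /dev/keychord.` line was removed and the TODO follows directly; close the sentence as `# Access character devices without a specific type.`. It would also help to say what the auditallow is for, e.g. `# auditallow only logs granted access; a hit names a chr device that still needs its own type.`, so a later reader does not mistake it for enforcement. The new `keychord_device` rule grants `rw_file_perms` without the `setattr` that the generic rule carries, which looks like intended tightening but is worth confirming against init's keychord code, which is not part of this patch.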
diff --git a/public/ueventd.te b/public/ueventd.te
index 3f1dcd473..11235ed35 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -8,6 +8,8 @@ allow ueventd kmsg_device:chr_file rw_file_perms;
 allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;
+auditallow ueventd device:chr_file rw_file_perms;
+
 r_dir_file(ueventd, sysfs_type)
 r_dir_file(ueventd, rootfs)
 allow ueventd sysfs:file w_file_perms;
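Review bot: The added `auditallow ueventd device:chr_file rw_file_perms;` carries no comment or bug reference, unlike the matching rule in init.te, so nothing in this file marks the pair as temporary. Put the same marker above the allow/auditallow pair, e.g. `# TODO: Remove this access and auditallow (b/33347297)`. Since this commit relabels /dev/keychord from `device` to `keychord_device`, ueventd's handling of that node now depends on rules outside this hunk (presumably a `dev_type`-wide rule), so it is worth checking the boot log for denials on `keychord_device` as well as for auditallow hits.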
-- 
GitLab