Skip to content
Snippets Groups Projects
Commit b71185fc authored by Nick Kralevich's avatar Nick Kralevich Committed by android-build-merger
Browse files

Merge "system_server: neverallow new file exec types"

am: cce2f471

* commit 'cce2f471':
  system_server: neverallow new file exec types

Change-Id: I4afc4e74b86e8f6ab76fc64685365a4288826153
parents 786926a9 cce2f471
No related branches found
No related tags found
No related merge requests found
......@@ -314,8 +314,9 @@ allow system_server { cache_file cache_recovery_file }:dir { relabelfrom create_
allow system_server { cache_file cache_recovery_file }:file { relabelfrom create_file_perms };
allow system_server { cache_file cache_recovery_file }:fifo_file create_file_perms;
# Run system programs, e.g. dexopt.
# Run system programs, e.g. dexopt. Needed? (b/28035297)
allow system_server system_file:file x_file_perms;
auditallow system_server system_file:file execute_no_trans;
# LocationManager(e.g, GPS) needs to read and write
# to uart driver and ctrl proc entry
......@@ -467,13 +468,24 @@ neverallow system_server sdcard_type:file rw_file_perms;
# those types that system_server needs to open directly.
neverallow system_server { bluetooth_data_file nfc_data_file shell_data_file app_data_file }:file { open create unlink link };
# Forking and execing is inherently dangerous and racy. See, for
# example, https://www.linuxprogrammingblog.com/threads-and-fork-think-twice-before-using-them
# Prevent the addition of new file execs to stop the problem from
# getting worse. b/28035297
neverallow system_server { file_type -toolbox_exec -logcat_exec -system_file }:file execute_no_trans;
# System server should never transition to a new domain. This compliments
# and enforces the already pre-existing PR_SET_NO_NEW_PRIVS flag.
neverallow system_server *:process { transition dyntransition };
# system_server should never be executing dex2oat. This is either
# a bug (for example, bug 16317188), or represents an attempt by
# system server to dynamically load a dex file, something we do not
# want to allow.
neverallow system_server dex2oat_exec:file no_x_file_perms;
# system_server should never execute anything from /data except for /data/dalvik-cache files.
# system_server should never execute or load executable shared libraries
# in /data except for /data/dalvik-cache files.
neverallow system_server {
data_file_type
-dalvikcache_data_file #mapping with PROT_EXEC
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment