Commit bf626ce9 authored by Nick Kralevich
appdomain: relax netlink_socket neverallow rule

Relax the neverallow netlink restrictions for app domains.
In particular, some non-AOSP app domains may use netlink sockets
to communicate with a kernel driver.

Continue to neverallow generic netlink sockets for untrusted_app.
The intention here is that only app domains which explicitly need
this functionality should be able to request it.

This change does not add or remove any SELinux rules. Rather, it
just changes SELinux compile time assertions, as well as allowing
this behavior in CTS.

Modify other neverallow rules to use "domain" instead of "self".
Apps shouldn't be able to handle netlink sockets, even those
created in other SELinux domains.

(cherry picked from commit d31936f8)

Bug: 19198997
Change-Id: Icfed1ee66f082df1117b090341f62981f01bc849
parent 7ef348b1
...@@ -229,8 +229,7 @@ neverallow appdomain tee_device:chr_file { read write }; ...@@ -229,8 +229,7 @@ neverallow appdomain tee_device:chr_file { read write };
# Privileged netlink socket interfaces. # Privileged netlink socket interfaces.
neverallow appdomain neverallow appdomain
self:{ domain:{
netlink_socket
netlink_firewall_socket netlink_firewall_socket
netlink_tcpdiag_socket netlink_tcpdiag_socket
netlink_nflog_socket netlink_nflog_socket
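Review bot: dropping `netlink_socket` from this appdomain-wide neverallow removes the compile-time assertion for every app domain, not only the non-AOSP domains the commit message says need it, so a future allow rule granting generic netlink to any other app domain would no longer be caught at policy build time; consider stating in the comment above the rule that generic netlink is intentionally left to per-domain policy and remains neverallowed for untrusted_app, so the intent lives in the policy source rather than only in the commit message. The `self:` to `domain:` widening on the same block is a strict tightening and looks correct.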
...@@ -243,7 +242,7 @@ neverallow appdomain ...@@ -243,7 +242,7 @@ neverallow appdomain
# These messages are broadcast messages from the kernel to userspace. # These messages are broadcast messages from the kernel to userspace.
# Do not allow the writing of netlink messages, which has been a source # Do not allow the writing of netlink messages, which has been a source
# of rooting vulns in the past. # of rooting vulns in the past.
neverallow appdomain self:netlink_kobject_uevent_socket { write append }; neverallow appdomain domain:netlink_kobject_uevent_socket { write append };
# Sockets under /dev/socket that are not specifically typed. # Sockets under /dev/socket that are not specifically typed.
neverallow appdomain socket_device:sock_file write; neverallow appdomain socket_device:sock_file write;
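Review bot: the `self` to `domain` widening on the uevent neverallow is a tightening, since the rule now also covers netlink_kobject_uevent_socket objects labeled with any other process domain (for example a socket an app receives from a different domain), which is what the commit message describes; the comment above still reads correctly, but it would help to add one line there saying the rule deliberately covers sockets created in other domains, not only the app's own, so the choice of `domain` over `self` is not later "simplified" back.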
...@@ -76,7 +76,10 @@ allow untrusted_app cache_file:file create_file_perms; ...@@ -76,7 +76,10 @@ allow untrusted_app cache_file:file create_file_perms;
### ###
# Receive or send uevent messages. # Receive or send uevent messages.
neverallow untrusted_app self:netlink_kobject_uevent_socket *; neverallow untrusted_app domain:netlink_kobject_uevent_socket *;
# Receive or send generic netlink messages
neverallow untrusted_app domain:netlink_socket *;
# Too much leaky information in debugfs. It's a security # Too much leaky information in debugfs. It's a security
# best practice to ensure these files aren't readable. # best practice to ensure these files aren't readable.
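Review bot: the new comment `# Receive or send generic netlink messages` lacks the trailing period of the neighbouring `# Receive or send uevent messages.` and, like that comment, reads as a description of a permitted operation rather than of a neverallow assertion; suggest `# Do not receive or send generic netlink messages.` or similar. The commit message says the intent is that only app domains which explicitly need netlink_socket should be able to request it, but the assertion added here covers untrusted_app only, so consider noting in the comment which app domains are expected to need it, or extending the assertion to the other app domains that should not.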