Skip to content
Snippets Groups Projects
Commit c1812181 authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Deduplicate and rationalize system_server /proc/pid access. 


The system_server has duplicate/overlapping rules regarding
/proc/pid access as well as a lack of clarity on the reason
for the different rules.  Deduplicate the rules and clarify
the purpose of different sets of rules.

Replace the rules granting /proc/pid access for all domains with
specific rules only for domains that we know should be accessible
by the system_server, i.e. all apps (appdomain) and the set of
native processes listed in com.android.server.Watchdog.NATIVE_STACKS_OF_INTEREST.

Change-Id: Idae6fc87e19e1700cdc4bdbde521d35caa046d74
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent d9d9d2f4
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 8 additions and 12 deletions
system_server.te
+ 8
12
View file @ c1812181
...@@ -74,9 +74,11 @@ allow system_server appdomain:process { sigkill signal }; ...@@ -74,9 +74,11 @@ allow system_server appdomain:process { sigkill signal };
allow system_server appdomain:process { getsched setsched }; allow system_server appdomain:process { getsched setsched };
allow system_server mediaserver:process { getsched setsched }; allow system_server mediaserver:process { getsched setsched };
# Read /proc data for apps. # Read /proc/pid data for apps.
allow system_server appdomain:dir r_dir_perms; r_dir_file(system_server, appdomain)
allow system_server appdomain:{ file lnk_file } rw_file_perms;
# Write to /proc/pid/oom_adj_score for apps.
allow system_server appdomain:file write;
# Read/Write to /proc/net/xt_qtaguid/ctrl and and /dev/xt_qtaguid. # Read/Write to /proc/net/xt_qtaguid/ctrl and and /dev/xt_qtaguid.
allow system_server qtaguid_proc:file rw_file_perms; allow system_server qtaguid_proc:file rw_file_perms;
...@@ -119,11 +121,10 @@ binder_call(system_server, appdomain) ...@@ -119,11 +121,10 @@ binder_call(system_server, appdomain)
binder_call(system_server, dumpstate) binder_call(system_server, dumpstate)
binder_service(system_server) binder_service(system_server)
# Read /proc/pid files for Binder clients. # Read /proc/pid files for dumping stack traces of native processes.
r_dir_file(system_server, appdomain)
r_dir_file(system_server, mediaserver) r_dir_file(system_server, mediaserver)
allow system_server appdomain:process getattr; r_dir_file(system_server, sdcardd)
allow system_server mediaserver:process getattr; r_dir_file(system_server, surfaceflinger)
# Use sockets received over binder from various services. # Use sockets received over binder from various services.
allow system_server mediaserver:tcp_socket rw_socket_perms; allow system_server mediaserver:tcp_socket rw_socket_perms;
...@@ -210,11 +211,6 @@ allow system_server cache_file:file { relabelfrom create_file_perms }; ...@@ -210,11 +211,6 @@ allow system_server cache_file:file { relabelfrom create_file_perms };
# Run system programs, e.g. dexopt. # Run system programs, e.g. dexopt.
allow system_server system_file:file x_file_perms; allow system_server system_file:file x_file_perms;
# Allow reading of /proc/pid data for other domains.
# XXX dontaudit candidate
allow system_server domain:dir r_dir_perms;
allow system_server domain:file r_file_perms;
# LocationManager(e.g, GPS) needs to read and write # LocationManager(e.g, GPS) needs to read and write
# to uart driver and ctrl proc entry # to uart driver and ctrl proc entry
allow system_server gps_device:chr_file rw_file_perms; allow system_server gps_device:chr_file rw_file_perms;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment