Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
A
AndroidSystemSEPolicy
Manage
Activity
Members
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Container registry
Model registry
Analyze
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Werner Sembach
AndroidSystemSEPolicy
Commits
cce2f471
Commit
cce2f471
authored
Apr 7, 2016
by
Nick Kralevich
Committed by
Gerrit Code Review
Apr 7, 2016
Browse files
Options
Downloads
Plain Diff
Merge "system_server: neverallow new file exec types"
parents
a9671c6b
f84b7981
Branches
Branches containing commit
Tags
Tags containing commit
No related merge requests found
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
system_server.te
+14
-2
14 additions, 2 deletions
system_server.te
with
14 additions
and
2 deletions
system_server.te
+
14
−
2
View file @
cce2f471
...
...
@@ -314,8 +314,9 @@ allow system_server { cache_file cache_recovery_file }:dir { relabelfrom create_
allow system_server { cache_file cache_recovery_file }:file { relabelfrom create_file_perms };
allow system_server { cache_file cache_recovery_file }:fifo_file create_file_perms;
# Run system programs, e.g. dexopt.
# Run system programs, e.g. dexopt.
Needed? (b/28035297)
allow system_server system_file:file x_file_perms;
auditallow system_server system_file:file execute_no_trans;
# LocationManager(e.g, GPS) needs to read and write
# to uart driver and ctrl proc entry
...
...
@@ -467,13 +468,24 @@ neverallow system_server sdcard_type:file rw_file_perms;
# those types that system_server needs to open directly.
neverallow system_server { bluetooth_data_file nfc_data_file shell_data_file app_data_file }:file { open create unlink link };
# Forking and execing is inherently dangerous and racy. See, for
# example, https://www.linuxprogrammingblog.com/threads-and-fork-think-twice-before-using-them
# Prevent the addition of new file execs to stop the problem from
# getting worse. b/28035297
neverallow system_server { file_type -toolbox_exec -logcat_exec -system_file }:file execute_no_trans;
# System server should never transition to a new domain. This compliments
# and enforces the already pre-existing PR_SET_NO_NEW_PRIVS flag.
neverallow system_server *:process { transition dyntransition };
# system_server should never be executing dex2oat. This is either
# a bug (for example, bug 16317188), or represents an attempt by
# system server to dynamically load a dex file, something we do not
# want to allow.
neverallow system_server dex2oat_exec:file no_x_file_perms;
# system_server should never execute anything from /data except for /data/dalvik-cache files.
# system_server should never execute or load executable shared libraries
# in /data except for /data/dalvik-cache files.
neverallow system_server {
data_file_type
-dalvikcache_data_file #mapping with PROT_EXEC
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment