From e2188458af2433f1fb76966ce92305745bd81776 Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti <lorenzo@google.com>
Date: Thu, 13 Jul 2017 01:36:09 +0900
Subject: [PATCH] Revert "Temporarily revert the SELinux policy for persist.netd.stable_secret."

This re-adds netd_stable_secret_prop to core sepolicy. It was temporarily reverted so it could be added to device-specific policy in oc-dr1-dev. DO NOT SUBMIT until http://ag/2528214 has automerged to master.
This reverts commit 9fa11b771b38197f2ff30d8af5700bf678c95b21.
Bug: 17613910
Test: make -j64 bootimage
Change-Id: I356c39a5dc955b3d7c28d8c7baf2887a17beb272
---
 private/property_contexts | 1 +
 public/netd.te | 9 +++++++++
 public/property.te | 1 +
 3 files changed, 11 insertions(+)
diff --git a/private/property_contexts b/private/property_contexts
index 23150343f..8eb2f28b2 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -50,6 +50,7 @@ persist.logd.logpersistd u:object_r:logpersistd_logging_prop:s0
 logd.logpersistd u:object_r:logpersistd_logging_prop:s0
 persist.log.tag u:object_r:log_tag_prop:s0
 persist.mmc. u:object_r:mmc_prop:s0
+persist.netd.stable_secret u:object_r:netd_stable_secret_prop:s0
 persist.sys. u:object_r:system_prop:s0
 persist.sys.safemode u:object_r:safemode_prop:s0
 ro.sys.safemode u:object_r:safemode_prop:s0
diff --git a/public/netd.te b/public/netd.te
index 691887fcd..77974bf40 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -62,6 +62,7 @@ allow netd dnsmasq:process signal;
 allow netd clatd:process signal;
 set_prop(netd, ctl_mdnsd_prop)
+set_prop(netd, netd_stable_secret_prop)
 # Allow netd to publish a binder service and make binder calls.
 binder_use(netd)
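Review bot: The added `set_prop(netd, netd_stable_secret_prop)` in the first `public/netd.te` hunk has no comment, although it is the one grant that the new neverallow rules at the end of the file are written around. Because `set_prop` gives netd read access to the property as well as the right to set it, a line above it such as `# netd manages persist.netd.stable_secret (RFC 7217 secret key); it both sets and reads it.` would make the intent explicit. The rule list this line sits in continues outside the hunk.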
@@ -108,3 +109,11 @@ neverallow netd { app_data_file system_data_file }:dir_file_class_set write;
 neverallow { domain -system_server -dumpstate -netd } netd_service:service_manager find;
 neverallow { domain -system_server -dumpstate } netd:binder call;
 neverallow netd { domain -system_server -servicemanager userdebug_or_eng(`-su') }:binder call;
+
+# persist.netd.stable_secret contains RFC 7217 secret key which should never be
+# leaked to other processes. Make sure it never leaks.
+neverallow { domain -netd -init } netd_stable_secret_prop:file r_file_perms;
+
+# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
+# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
+neverallow { domain -netd -init } netd_stable_secret_prop:property_service set;
diff --git a/public/property.te b/public/property.te
index daac0fb5c..95efcaa78 100644
--- a/public/property.te
+++ b/public/property.te
@@ -30,6 +30,7 @@ type log_tag_prop, property_type, log_property_type;
 type mmc_prop, property_type;
 type net_dns_prop, property_type;
 type net_radio_prop, property_type, core_property_type;
+type netd_stable_secret_prop, property_type;
 type nfc_prop, property_type, core_property_type;
 type overlay_prop, property_type;
 type pan_result_prop, property_type, core_property_type;
-- 
GitLab
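Review bot: The two neverallow rules added at the end of `public/netd.te` constrain only reads of the property file (`:file r_file_perms`) and sets through the property service (`:property_service set`), so the comment's "Make sure it never leaks" promises more than the rules enforce. Since the name starts with `persist.`, the value is presumably also written to persistent property storage by init, and the label protecting that on-disk copy is not visible in this patch. I would narrow the first comment to something like `# Only netd and init may read this property; the persisted on-disk copy is protected by its own file type.` and confirm that no domain other than init can read that storage. As a wording fix, "contains RFC 7217 secret key" should read "contains the RFC 7217 secret key", and the second comment block runs wider than the first.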