Add prng_seeder
The daemon has exclusive access to /dev/hw_random, which is the true
source of entropy, and provides a socket (/dev/prng_seeder/socket)
to other processes for providing random numbers.
Bug: 247781653
Test: same as aosp/I0a7e339115a2cf6b819730dcf5f8b189a339c57d
* Verify prng_seeder daemon is running and has the
correct label (via ps -Z)
* Verify prng_seeder socket present and has correct
label (via ls -Z)
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
(e.g. strace -f -p `pgrep prng_seeder`)
Change-Id: I5061d2a2bab649bcbcc1537952dd01e4a39f7bf0
diff --git a/microdroid/ueventd.rc b/microdroid/ueventd.rc
index 268d3a2..0c5fbfc 100644
--- a/microdroid/ueventd.rc
+++ b/microdroid/ueventd.rc
@@ -29,3 +29,6 @@
/dev/hvc2 0666 system system
/dev/open-dice0 0660 root root
+
+# Aside from kernel threads, only prng_seeder needs access to HW RNG
+/dev/hw_random 0400 prng_seeder prng_seeder
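Review bot: the new `/dev/hw_random 0400 prng_seeder prng_seeder` line only sets DAC ownership, while the test plan in the commit message depends on the daemon and socket carrying the right SELinux labels and on no denials appearing; ueventd also needs the `prng_seeder` user to resolve when it applies this rule, so the user definition and the matching microdroid sepolicy should land with this change or in the same topic. The 0400 mode is the right choice here, since the daemon only reads the device, and a short comment noting that the owner name must exist in the microdroid passwd data would make the dependency explicit.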