Remove neverallow preventing hwservice access for apps. am: 3e307a4de5
am: 044d20729b
Change-Id: Ia6f8a806adae230df50f8d06edcf4ba9d2ae4352
diff --git a/private/domain_deprecated.te b/private/domain_deprecated.te
index 43f1135..5973485 100644
--- a/private/domain_deprecated.te
+++ b/private/domain_deprecated.te
@@ -25,7 +25,7 @@
# This is used for e.g. adb backup/restore.
allow domain_deprecated adbd:fd use;
userdebug_or_eng(`
-auditallow { domain_deprecated -appdomain -system_server } adbd:fd use;
+auditallow { domain_deprecated -appdomain -system_server -runas } adbd:fd use;
')
# Root fs.
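Review bot: The `-runas` exclusion added to the `auditallow` set has no comment saying why runas is exempt from the audit. The reason appears to be the explicit `allow runas adbd:fd use;` that this commit adds in public/runas.te, which is also uncommented. I would add a line above the auditallow such as `# runas has its own adbd:fd rule in runas.te and no longer relies on domain_deprecated.`, with a matching comment next to the new allow. That way a later cleanup of domain_deprecated does not have to rediscover the pairing.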
diff --git a/private/property_contexts b/private/property_contexts
index 4c27b35..3ca1d70 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -50,6 +50,7 @@
logd.logpersistd u:object_r:logpersistd_logging_prop:s0
persist.log.tag u:object_r:log_tag_prop:s0
persist.mmc. u:object_r:mmc_prop:s0
+persist.netd.stable_secret u:object_r:netd_stable_secret_prop:s0
persist.sys. u:object_r:system_prop:s0
persist.sys.safemode u:object_r:safemode_prop:s0
ro.sys.safemode u:object_r:safemode_prop:s0
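Review bot: The new `persist.netd.stable_secret` entry is written like an exact name, but the neighbouring `persist.sys.` / `persist.sys.safemode` pair suggests this file is matched by longest prefix. If so, any property whose name merely starts with that string also receives `netd_stable_secret_prop`. The neverallow rules in netd.te keep that from widening access, but the intent is worth stating. I would add a comment above the entry such as `# Single property holding netd's RFC 7217 key; do not create siblings under this prefix.`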
diff --git a/public/netd.te b/public/netd.te
index 691887f..77974bf 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -62,6 +62,7 @@
allow netd clatd:process signal;
set_prop(netd, ctl_mdnsd_prop)
+set_prop(netd, netd_stable_secret_prop)
# Allow netd to publish a binder service and make binder calls.
binder_use(netd)
@@ -108,3 +109,11 @@
neverallow { domain -system_server -dumpstate -netd } netd_service:service_manager find;
neverallow { domain -system_server -dumpstate } netd:binder call;
neverallow netd { domain -system_server -servicemanager userdebug_or_eng(`-su') }:binder call;
+
+# persist.netd.stable_secret contains RFC 7217 secret key which should never be
+# leaked to other processes. Make sure it never leaks.
+neverallow { domain -netd -init } netd_stable_secret_prop:file r_file_perms;
+
+# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
+# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
+neverallow { domain -netd -init } netd_stable_secret_prop:property_service set;
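Review bot: The comment "Make sure it never leaks" promises more than the two neverallow rules enforce, since they constrain only access through the `netd_stable_secret_prop` label. Because this is a `persist.` property, init presumably also stores the value on disk, and that copy would be protected by the label on the persistent property files rather than by these rules; that is not visible in this diff. I would narrow the first comment to `# Only netd and init may read persist.netd.stable_secret from the property area.` and say where the stored copy is protected. It would also help to note that adding any domain to the `-netd -init` exception list exposes the key to that domain, so such a change needs a privacy review.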
diff --git a/public/property.te b/public/property.te
index c633dab..4cc2701 100644
--- a/public/property.te
+++ b/public/property.te
@@ -31,6 +31,7 @@
type mmc_prop, property_type;
type net_dns_prop, property_type;
type net_radio_prop, property_type, core_property_type;
+type netd_stable_secret_prop, property_type;
type nfc_prop, property_type, core_property_type;
type overlay_prop, property_type;
type pan_result_prop, property_type, core_property_type;
diff --git a/public/runas.te b/public/runas.te
index 7a7febf..12c4181 100644
--- a/public/runas.te
+++ b/public/runas.te
@@ -1,6 +1,7 @@
type runas, domain, mlstrustedsubject;
type runas_exec, exec_type, file_type;
+allow runas adbd:fd use;
allow runas adbd:process sigchld;
allow runas adbd:unix_stream_socket { read write };
allow runas shell:fd use;