Merge "Revert "Track usbd SELinux denial.""
diff --git a/private/domain.te b/private/domain.te
index d2d0209..670e353 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -82,6 +82,9 @@
allow domain su:key search;
')
+# Allow access to linkerconfig file
+allow domain linkerconfig_file:file r_file_perms;
+
# Limit ability to ptrace or read sensitive /proc/pid files of processes
# with other UIDs to these whitelisted domains.
neverallow {
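Review bot: The new `allow domain linkerconfig_file:file r_file_perms;` grants read on the files but no traversal of the directory that holds them; file_contexts in this same change labels `/dev/linkerconfig(/.*)?`, so the directory itself is `linkerconfig_file` and a process opening a file beneath it would presumably be denied on `dir search` before the file rule is consulted. Pair it with `allow domain linkerconfig_file:dir search;`. Because this is an allow for every domain, the comment should also state why the breadth is acceptable, e.g. `# Read-only access to the generated linker configuration for all processes; only linkerconfig writes it.`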
diff --git a/private/file.te b/private/file.te
index a856792..26b58f4 100644
--- a/private/file.te
+++ b/private/file.te
@@ -20,3 +20,6 @@
# /data/misc_[ce|de]/rollback : Used by installd to store snapshots
# of application data.
type rollback_data_file, file_type, data_file_type, core_data_file_type;
+
+# /dev/linkerconfig(/.*)?
+type linkerconfig_file, file_type;
diff --git a/private/file_contexts b/private/file_contexts
index 5532bd3..6975e7c 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -99,6 +99,7 @@
/dev/iio:device[0-9]+ u:object_r:iio_device:s0
/dev/ion u:object_r:ion_device:s0
/dev/keychord u:object_r:keychord_device:s0
+/dev/linkerconfig(/.*)? u:object_r:linkerconfig_file:s0
/dev/loop-control u:object_r:loop_control_device:s0
/dev/modem.* u:object_r:radio_device:s0
/dev/mtp_usb u:object_r:mtp_device:s0
@@ -261,6 +262,7 @@
/system/bin/healthd u:object_r:healthd_exec:s0
/system/bin/clatd u:object_r:clatd_exec:s0
/system/bin/linker(64)? u:object_r:system_linker_exec:s0
+/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
/system/bin/llkd u:object_r:llkd_exec:s0
/system/bin/lmkd u:object_r:lmkd_exec:s0
diff --git a/private/linkerconfig.te b/private/linkerconfig.te
new file mode 100644
index 0000000..8acd734
--- /dev/null
+++ b/private/linkerconfig.te
@@ -0,0 +1,10 @@
+type linkerconfig, domain, coredomain;
+type linkerconfig_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(linkerconfig)
+
+## Read and write linkerconfig subdirectory.
+allow linkerconfig linkerconfig_file:dir rw_dir_perms;
+allow linkerconfig linkerconfig_file:file create_file_perms;
+
+neverallow { domain -init -linkerconfig } linkerconfig_exec:file no_x_file_perms;
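Review bot: The closing neverallow protects the linkerconfig binary from being executed by other domains, but nothing protects its output: any later policy could grant a third domain write access to `linkerconfig_file`, and the content of /dev/linkerconfig is what every domain reads through the new `domain` rule in private/domain.te. Add a write-integrity pair beside the execute rule, `neverallow { domain -init -linkerconfig } linkerconfig_file:dir no_w_dir_perms;` and `neverallow { domain -init -linkerconfig } linkerconfig_file:file no_w_file_perms;`, keeping init excluded as the execute rule already does since it may need to set the directory up. The `## Read and write linkerconfig subdirectory.` comment also uses a double hash unlike the rest of the policy; a single `#` keeps the file consistent.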
diff --git a/private/logpersist.te b/private/logpersist.te
index 4187627..6f6ab50 100644
--- a/private/logpersist.te
+++ b/private/logpersist.te
@@ -24,5 +24,6 @@
userdebug_or_eng(`-misc_logd_file -coredump_file')
with_native_coverage(`-method_trace_data_file')
}:file { create write append };
-neverallow { domain -init userdebug_or_eng(`-logpersist -logd -dumpstate') } misc_logd_file:file no_rw_file_perms;
+neverallow { domain -init -dumpstate userdebug_or_eng(`-logpersist -logd') } misc_logd_file:file no_rw_file_perms;
+neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:file no_w_file_perms;
neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
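Review bot: The rewritten pair at the top of the hunk encodes one intent in two overlapping rules without saying so: the first now exempts dumpstate from `no_rw_file_perms` on every build type, while the second still bars it (and everything but init, logd and logpersist on userdebug/eng) from writing, so the net effect is "dumpstate may read, never write, misc_logd_file". A comment above the first rule should record that, e.g. `# dumpstate may read (never write) /data/misc/logd on all builds; writers are init and, on userdebug/eng only, logd and logpersist.` Without it a later reader is likely to "simplify" the pair and silently reopen read access.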
diff --git a/private/service_contexts b/private/service_contexts
index e21ba4f..7d6cb47 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -91,7 +91,7 @@
ims u:object_r:radio_service:s0
imms u:object_r:imms_service:s0
ipsec u:object_r:ipsec_service:s0
-ircs u:object_r:radio_service:s0
+ircsmessage u:object_r:radio_service:s0
iris u:object_r:iris_service:s0
isms_msim u:object_r:radio_service:s0
isms2 u:object_r:radio_service:s0
diff --git a/public/domain.te b/public/domain.te
index a914aaf..b620ec1 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -426,11 +426,9 @@
neverallow { domain -init -ueventd } sysfs_usermodehelper:file { append write };
neverallow { domain -init -vendor_init } proc_security:file { append open read write };
-# Nobody is allowed to make binder calls into init.
-# Only servicemanager may transfer binder references to init
-# vendor_init shouldn't use binder at all.
-neverallow * init:binder ~{ transfer };
-neverallow { domain -servicemanager } init:binder { transfer };
+# Init can't do anything with binder calls. If this neverallow rule is being
+# triggered, it's probably due to a service with no SELinux domain.
+neverallow * init:binder *;
neverallow * vendor_init:binder *;
# Don't allow raw read/write/open access to block_device
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 6a50f87..684637d 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -214,10 +214,8 @@
')
# Access /data/misc/logd
-userdebug_or_eng(`
- allow dumpstate misc_logd_file:dir r_dir_perms;
- allow dumpstate misc_logd_file:file r_file_perms;
-')
+allow dumpstate misc_logd_file:dir r_dir_perms;
+allow dumpstate misc_logd_file:file r_file_perms;
allow dumpstate app_fuse_file:dir r_dir_perms;
allow dumpstate overlayfs_file:dir r_dir_perms;
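Review bot: Dropping the `userdebug_or_eng` wrapper makes /data/misc/logd readable by dumpstate on user builds, which is the security-relevant part of this hunk, yet the surviving comment `# Access /data/misc/logd` gives no reason; the title of this merge ("Revert Track usbd SELinux denial") does not explain it either, so the motivation is presumably in another commit. Replace the comment with one that states the rationale and the limit, e.g. `# Read-only access to /data/misc/logd on all build types (logpersist writes only on userdebug/eng); writes are still forbidden by the neverallow in logpersist.te.` The enclosing `userdebug_or_eng(` block closed at the top of the hunk starts outside it.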
diff --git a/public/fastbootd.te b/public/fastbootd.te
index 8ebe387..39abc5e 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te
@@ -77,6 +77,9 @@
allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;
+ # Needed because libdm reads sysfs to validate when a dm path is ready.
+ r_dir_file(fastbootd, sysfs_dm)
+
# Needed for realpath() call to resolve symlinks.
allow fastbootd block_device:dir getattr;
userdebug_or_eng(`
diff --git a/public/init.te b/public/init.te
index 55adaaa..f7ef232 100644
--- a/public/init.te
+++ b/public/init.te
@@ -553,14 +553,6 @@
allow init vold_metadata_file:dir create_dir_perms;
allow init vold_metadata_file:file getattr;
-# Allow init to use binder
-binder_use(init);
-allow init apex_service:service_manager find;
-# Allow servicemanager to pass it
-allow servicemanager init:binder transfer;
-# Allow calls from init to apexd
-allow init apexd:binder call;
-
# Allow init to touch PSI monitors
allow init proc_pressure_mem:file { rw_file_perms setattr };
@@ -585,10 +577,8 @@
# init should never execute a program without changing to another domain.
neverallow init { file_type fs_type }:file execute_no_trans;
-# init can only find the APEX service
-neverallow init { service_manager_type -apex_service }:service_manager { find };
# init can never add binder services
-neverallow init service_manager_type:service_manager { add };
+neverallow init service_manager_type:service_manager { add find };
# init can never list binder services
neverallow init servicemanager:service_manager list;
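Review bot: The comment above the changed rule still reads `# init can never add binder services` while the rule now also forbids `find`, and the removed `apex_service` exception took its explanation with it; update it to `# init can never add or find binder services (init no longer uses binder; see the neverallow in domain.te)`. The remaining `binder_use` removal in the earlier hunk relies on this pair staying in sync, so the comment is worth keeping accurate.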
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index a326d4c..e53f78e 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -56,6 +56,9 @@
# Read files in /sys/firmware/devicetree/base/firmware/android/
r_dir_file(update_engine_common, sysfs_dt_firmware_android)
+# Needed because libdm reads sysfs to validate when a dm path is ready.
+r_dir_file(update_engine_common, sysfs_dm)
+
# read / write on /dev/device-mapper to map / unmap devices
allow update_engine_common dm_device:chr_file rw_file_perms;
diff --git a/tools/version_policy.c b/tools/version_policy.c
index 8848190..8bb422a 100644
--- a/tools/version_policy.c
+++ b/tools/version_policy.c
@@ -65,14 +65,15 @@
rc = cil_add_file(*db, path, buff, file_size);
if (rc != SEPOL_OK) {
fprintf(stderr, "Failure adding %s to parse tree\n", path);
- goto err;
+ goto parse_err;
}
free(buff);
return SEPOL_OK;
err:
- free(buff);
fclose(file);
+parse_err:
+ free(buff);
file_err:
cil_db_destroy(db);
return rc;
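Review bot: The fix depends entirely on which resources are still live at each label (the `goto parse_err` at the top of the hunk presumably exists because `file` was already closed before `cil_add_file`, so the old `err:` path closed it twice), but none of the three labels says so, and the function's opening is outside this hunk. Add a one-line comment per label, e.g. `err:      /* file still open, buff allocated */`, `parse_err: /* file already closed, buff allocated */`, `file_err: /* only the db left to release */`, so the next edit does not reintroduce the double fclose. It would also be worth a short comment that `cil_add_file` does not take ownership of `buff`, since the success path frees it unconditionally.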