Tighten restrictions on core <-> vendor socket comms

This further restricts neverallows for sockets which may be exposed as
filesystem nodes. This is achieved by labelling all such sockets
created by core/non-vendor domains using the new coredomain_socket
attribute, and then adding neverallow rules targeting that attribute.

This has no effect on what domains are permitted to do. This only
changes neverallow rules.

Test: mmm system/sepolicy
Bug: 36577153

(cherry picked from commit cf2ffdf0d86f485dfff05a2f13819997bfd462e1)

Change-Id: Iffeee571a2ff61fb9515fa6849d060649636524e
diff --git a/private/system_server.te b/private/system_server.te
index ddeeb1b..a731f5a 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -190,6 +190,12 @@
 binder_call(system_server, hal_vr)
 hal_client_domain(system_server, hal_vr)
 hal_client_domain(system_server, hal_wifi)
+
+# TODO(b/34274385): Remove this once Wi-Fi Supplicant HAL is guaranteed to be binderized on full
+# Treble devices. Passthrough Wi-Fi Supplicant HAL makes system_server touch wpa_socket which is a
+# vendor type. system_server, being a non-vendor component, is not permitted to touch that socket.
+typeattribute system_server socket_between_core_and_vendor_violators;
+
 hal_client_domain(system_server, hal_wifi_supplicant)
 
 # Talk to tombstoned to get ANR traces.
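Review bot: the `typeattribute system_server socket_between_core_and_vendor_violators;` line exempts system_server from every neverallow keyed on that attribute, not only the wpa_socket access the TODO describes, so the exemption is broader than the stated reason; consider noting in the comment that the attribute is a blanket exemption and that it must be removed together with the passthrough Wi-Fi Supplicant HAL path tracked in b/34274385. Also, this hunk only uses the attribute; its declaration is not in the visible diff, so confirm it is defined in the same change (the commit message names a `coredomain_socket` attribute but not `socket_between_core_and_vendor_violators`), otherwise `mmm system/sepolicy` will fail on an undeclared attribute.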