Merge "Support reading block apexes from system_server" am: 6d3bc08dbb am: 4ead13bfc9 am: 4412c7d16f am: 636a591f9c

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1899604

Change-Id: Ic8d025b91043b5713ffc0039b0f641cbb4c1dd34
diff --git a/private/system_server.te b/private/system_server.te
index 5b67b70..68792e8 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1250,10 +1250,13 @@
 # https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
 neverallow system_server data_file_type:file no_x_file_perms;
 
-# The only block device system_server should be accessing is
+# The only block device system_server should be writing to is
 # the frp_block_device. This helps avoid a system_server to root
 # escalation by writing to raw block devices.
-neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perms;
+# The system_server may need to read from vd_device if it uses
+# block apexes.
+neverallow system_server { dev_type -frp_block_device }:blk_file no_w_file_perms;
+neverallow system_server { dev_type -frp_block_device -vd_device }:blk_file r_file_perms;
 
 # system_server should never use JIT functionality
 # See https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html
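Review bot: The rewritten pair of neverallows on the two `+neverallow` lines is not a strict split of the old one: `no_rw_file_perms` also carries `no_x_file_perms` (execute, execute_no_trans), and neither `no_w_file_perms` nor `r_file_perms` includes those, so execute on non-frp block devices is no longer covered by this neverallow unless another rule elsewhere in the policy does. Restoring that coverage is a one-line change, `neverallow system_server { dev_type -frp_block_device }:blk_file { no_w_file_perms no_x_file_perms };`. Separately, exempting vd_device from the full `r_file_perms` set also exempts it from `ioctl` and `map`, which is more than a plain read of an apex image appears to need; if the reader only opens and reads the device, consider narrowing the exemption to `{ getattr open read }` or adding a `neverallowxperm` rule that bounds the permitted ioctl commands, so that the ioctl surface of virtual-disk block devices does not become reachable from system_server. The comment on the two added lines could also note which component performs the read, so a future reviewer can judge whether the exemption is still needed.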