Allow installd to delete from preloads/file_cache am: a64b685013 am: 797163db24
am: 409bcf8c11

Change-Id: I755e1d81dbd5abeb8ca7aeb3967474e0b73e2629
diff --git a/private/file_contexts b/private/file_contexts
index 1754ffe..9e2abeb 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -246,6 +246,7 @@
 /system/bin/webview_zygote32     u:object_r:webview_zygote_exec:s0
 /system/bin/webview_zygote64     u:object_r:webview_zygote_exec:s0
 /system/bin/virtual_touchpad     u:object_r:virtual_touchpad_exec:s0
+/system/bin/vr_wm                u:object_r:vr_wm_exec:s0
 /system/bin/hw/android\.hardware\.bluetooth@1\.0-service      u:object_r:hal_bluetooth_default_exec:s0
 /system/bin/hw/android\.hidl\.allocator@1\.0-service          u:object_r:hal_allocator_exec:s0
 
@@ -317,6 +318,7 @@
 /data/misc/logd(/.*)?           u:object_r:misc_logd_file:s0
 /data/misc/media(/.*)?          u:object_r:media_data_file:s0
 /data/misc/net(/.*)?            u:object_r:net_data_file:s0
+/data/misc/reboot(/.*)?         u:object_r:reboot_data_file:s0
 /data/misc/recovery(/.*)?       u:object_r:recovery_data_file:s0
 /data/misc/shared_relro(/.*)?   u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)?            u:object_r:radio_data_file:s0
diff --git a/private/service_contexts b/private/service_contexts
index 6f46793..d41dd9e 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -155,6 +155,7 @@
 vibrator                                  u:object_r:vibrator_service:s0
 virtual_touchpad                          u:object_r:virtual_touchpad_service:s0
 voiceinteraction                          u:object_r:voiceinteraction_service:s0
+vr_window_manager                         u:object_r:vr_window_manager_service:s0
 vrmanager                                 u:object_r:vr_manager_service:s0
 wallpaper                                 u:object_r:wallpaper_service:s0
 webviewupdate                             u:object_r:webviewupdate_service:s0
diff --git a/private/system_app.te b/private/system_app.te
index 7539da2..6de3693 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -56,7 +56,7 @@
 
 allow system_app servicemanager:service_manager list;
 # TODO: scope this down? Too broad?
-allow system_app { service_manager_type -netd_service -dumpstate_service -installd_service }:service_manager find;
+allow system_app { service_manager_type -netd_service -dumpstate_service -installd_service -virtual_touchpad_service }:service_manager find;
 
 allow system_app keystore:keystore_key {
     get_state
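Review bot: The new `-virtual_touchpad_service` exclusion on the `service_manager find` rule carries no explanation, and the existing `# TODO: scope this down? Too broad?` now precedes a list that is growing by ad hoc subtraction. A one-line comment tying the exclusion to the rule that forces it would keep the list maintainable, e.g. `# virtual_touchpad_service: virtual_touchpad.te neverallows find from everything but virtual_touchpad and vr_wm`. Without it a later reader cannot tell whether dropping the exclusion is safe or will trip the neverallow at policy build time.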
diff --git a/private/system_server.te b/private/system_server.te
index 5db6850..2c132ea 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -68,16 +68,13 @@
     net_raw
     sys_boot
     sys_nice
-    sys_resource
+    sys_ptrace
     sys_time
     sys_tty_config
 };
 
 wakelock_use(system_server)
 
-# Triggered by /proc/pid accesses, not allowed.
-dontaudit system_server self:capability sys_ptrace;
-
 # Trigger module auto-load.
 allow system_server kernel:system module_request;
 
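Review bot: `sys_ptrace` is added to system_server's capability set without a comment, while the removed `dontaudit` line was the only place that recorded why this capability was being exercised (/proc/pid accesses). CAP_SYS_PTRACE is broader than a /proc read aid; the `neverallow system_server { domain -system_server }:process ptrace` added later in this file constrains the process-level permission, but the capability itself is what the kernel consults for sensitive /proc reads, so the intent should be stated on the line. Something like `sys_ptrace  # sensitive /proc/PID reads; process ptrace is neverallowed below` would do. The `allow system_server self:capability { ... }` statement this line belongs to opens before the hunk.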
@@ -694,3 +691,11 @@
 # dexoptanalyzer is currently used only for secondary dex files which
 # system_server should never access.
 neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;
+
+# No ptracing others
+neverallow system_server { domain -system_server }:process ptrace;
+
+# CAP_SYS_RESOURCE was traditionally needed for sensitive /proc/PID
+# file read access. However, that is now unnecessary (b/34951864)
+# This neverallow can be removed after b/34951864 is fixed.
+neverallow system_server system_server:capability sys_resource;
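Review bot: The comment above the new `neverallow system_server system_server:capability sys_resource;` reads as self-contradictory: it says CAP_SYS_RESOURCE is "now unnecessary (b/34951864)" and in the next sentence that the neverallow "can be removed after b/34951864 is fixed", so a reader cannot tell whether the bug is the reason the capability is no longer needed or a fix still pending. Presumably the neverallow is a guard against the capability being reintroduced while the remaining /proc consumers are cleaned up; the comment should say that in one relationship, e.g. `# CAP_SYS_RESOURCE is no longer needed for sensitive /proc/PID reads (b/34951864). This neverallow guards against it being reintroduced and can be dropped once that bug is closed.`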
diff --git a/private/vr_wm.te b/private/vr_wm.te
new file mode 100644
index 0000000..276d434
--- /dev/null
+++ b/private/vr_wm.te
@@ -0,0 +1,4 @@
+# vr_wm - VR Window Manager
+
+# The vr_wm is started by init.
+init_daemon_domain(vr_wm)
diff --git a/public/bootanim.te b/public/bootanim.te
index 9c5702d..7c78d2e 100644
--- a/public/bootanim.te
+++ b/public/bootanim.te
@@ -19,7 +19,6 @@
 
 allow bootanim audioserver_service:service_manager find;
 allow bootanim surfaceflinger_service:service_manager find;
-allow bootanim audioserver_service:service_manager find;
 
 # Allow access to ion memory allocation device
 allow bootanim ion_device:chr_file rw_file_perms;
diff --git a/public/file.te b/public/file.te
index cd646f5..5cbc75a 100644
--- a/public/file.te
+++ b/public/file.te
@@ -167,6 +167,7 @@
 type net_data_file, file_type, data_file_type;
 type nfc_data_file, file_type, data_file_type;
 type radio_data_file, file_type, data_file_type, mlstrustedobject;
+type reboot_data_file, file_type, data_file_type;
 type recovery_data_file, file_type, data_file_type;
 type shared_relro_file, file_type, data_file_type;
 type systemkeys_data_file, file_type, data_file_type;
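Review bot: `reboot_data_file` is declared here and applied to `/data/misc/reboot(/.*)?` in file_contexts, but no hunk in this diff grants any domain access to the new type; unless a rule lands in another change, the directory ends up labeled but unusable by any process. Either the consuming domain's `allow` should accompany the type declaration, or a comment should name the expected consumer so the gap is visible, e.g. `# reboot_data_file: /data/misc/reboot, used by <consumer domain - TODO>`.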
diff --git a/public/performanced.te b/public/performanced.te
index 8f9d16b..95038cd 100644
--- a/public/performanced.te
+++ b/public/performanced.te
@@ -10,9 +10,9 @@
 # Access /proc to validate we're only affecting threads in the same thread group.
 # Performanced also shields unbound kernel threads.  It scans every task in the
 # root cpu set, but only affects the kernel threads.
-r_dir_file(performanced, { appdomain bufferhubd kernel sensord surfaceflinger })
+r_dir_file(performanced, { appdomain bufferhubd kernel sensord surfaceflinger vr_wm })
 dontaudit performanced domain:dir read;
-allow performanced { appdomain bufferhubd kernel sensord surfaceflinger }:process setsched;
+allow performanced { appdomain bufferhubd kernel sensord surfaceflinger vr_wm }:process setsched;
 
 # Access /dev/cpuset/cpuset.cpus
 r_dir_file(performanced, cgroup)
diff --git a/public/service.te b/public/service.te
index c8cd4de..dac5069 100644
--- a/public/service.te
+++ b/public/service.te
@@ -26,6 +26,7 @@
 type system_app_service,        service_manager_type;
 type update_engine_service,     service_manager_type;
 type virtual_touchpad_service,  service_manager_type;
+type vr_window_manager_service, service_manager_type;
 
 # system_server_services broken down
 type accessibility_service, app_api_service, system_server_service, service_manager_type;
diff --git a/public/virtual_touchpad.te b/public/virtual_touchpad.te
index 92d5c27..544550a 100644
--- a/public/virtual_touchpad.te
+++ b/public/virtual_touchpad.te
@@ -9,4 +9,4 @@
 allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };
 
 # Limit access so that nothing else can inject input.
-neverallow { domain -system_app -virtual_touchpad } virtual_touchpad_service:service_manager find;
+neverallow { domain -virtual_touchpad -vr_wm } virtual_touchpad_service:service_manager find;
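Review bot: The neverallow now admits vr_wm as a client of virtual_touchpad_service and drops system_app, but the comment `# Limit access so that nothing else can inject input.` still reads as if only virtual_touchpad itself may find the service. Since this rule is the policy's stated boundary on who can inject input, the comment should name the permitted domain and the reason, e.g. `# Limit access so that only vr_wm (the VR window manager) can inject input through virtual_touchpad.` The matching removal of system_app's find permission is in the system_app.te hunk of this same diff.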
diff --git a/public/vr_wm.te b/public/vr_wm.te
new file mode 100644
index 0000000..7b6e3c0
--- /dev/null
+++ b/public/vr_wm.te
@@ -0,0 +1,26 @@
+type vr_wm, domain;
+type vr_wm_exec, exec_type, file_type;
+
+binder_use(vr_wm)
+binder_call(vr_wm, surfaceflinger)
+binder_call(vr_wm, virtual_touchpad)
+
+allow vr_wm virtual_touchpad_service:service_manager find;
+
+binder_service(vr_wm)
+add_service(vr_wm, vr_window_manager_service)
+
+# Hosts the VR HWC implementation and provides a simple Binder interface for VR
+# Window Manager to receive the layers/buffers.
+hwbinder_use(vr_wm)
+
+# Load vendor libraries.
+allow vr_wm system_file:dir r_dir_perms;
+
+allow vr_wm gpu_device:chr_file rw_file_perms;
+allow vr_wm ion_device:chr_file r_file_perms;
+
+use_pdx(vr_wm, bufferhubd)
+use_pdx(vr_wm, sensord)
+use_pdx(vr_wm, surfaceflinger)
+use_pdx(vr_wm, performanced)
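Review bot: The comment `# Load vendor libraries.` sits above `allow vr_wm system_file:dir r_dir_perms;`, but `system_file` is the system-partition type, not a vendor one, so either the comment or the rule is wrong; if the intent is really vendor libraries the rule should target the vendor file type, and if system libraries are meant the comment should say `# Read system directories to load libraries.` Separately, `allow vr_wm virtual_touchpad_service:service_manager find;` is the line that, together with the neverallow change in virtual_touchpad.te, makes vr_wm an input-injecting domain, and it deserves a comment recording that, e.g. `# vr_wm injects input via virtual_touchpad; see the neverallow in virtual_touchpad.te.` The `gpu_device` rw and `ion_device` read rules are uncommented as well; a short note on what the window manager uses them for would help whoever later audits this domain.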