init/ueventd and system_server no longer need access to /dev/hw_random.
We let the kernel worry about that now.
Bug: http://b/179086242
Test: treehugger
Change-Id: I51bdfaf7488717cc4e4c642261e31d1801cfba68
diff --git a/private/system_server.te b/private/system_server.te
index 7a38024..deb0776 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -770,9 +770,6 @@
allow system_server usb_device:chr_file rw_file_perms;
allow system_server usb_device:dir r_dir_perms;
-# Read from HW RNG (needed by EntropyMixer).
-allow system_server hw_random_device:chr_file r_file_perms;
-
# Read and delete files under /dev/fscklogs.
r_dir_file(system_server, fscklogs)
allow system_server fscklogs:dir { write remove_name };
diff --git a/public/domain.te b/public/domain.te
index aaac8f0..e9ff65b 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -403,13 +403,11 @@
# that could be set from init.rc.
neverallow { domain -init } kernel:security setsecparam;
-# Only init, ueventd, shell and system_server should be able to access HW RNG
+# Only the kernel hwrng thread should be able to read from the HW RNG.
neverallow {
domain
- -init
- -shell # For CTS and is restricted to getattr in shell.te
- -system_server
- -ueventd
+ -shell # For CTS, restricted to just getattr in shell.te
+ -ueventd # To create the /dev/hw_random file
} hw_random_device:chr_file *;
# b/78174219 b/64114943
neverallow {
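Review bot: The rewritten comment at the top of this hunk says only the kernel hwrng thread should be able to *read* the HW RNG, but the rule still neverallows `*` and exempts ueventd from the whole permission set, so the exemption is wider than its stated reason ("To create the /dev/hw_random file"). If ueventd's own allow rule is limited to creating and labelling the node, a second, exemption-free rule would encode what the comment claims: `neverallow domain hw_random_device:chr_file { read open };` — shell is unaffected since the existing comment says it is restricted to getattr. The kernel's hwrng thread presumably consumes the device in-kernel rather than through the character device, so it should need no carve-out, but that is worth confirming before landing. The `neverallow {` on the last line of the hunk begins a rule that continues outside it.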
diff --git a/public/init.te b/public/init.te
index 59e6b4e..520bbb3 100644
--- a/public/init.te
+++ b/public/init.te
@@ -308,7 +308,6 @@
devpts
dm_device
hwbinder_device
- hw_random_device
input_device
kmsg_device
null_device
@@ -323,6 +322,7 @@
# chown/chmod on devices.
allow init {
dev_type
+ -hw_random_device
-keychord_device
-port_device
}:chr_file setattr;
@@ -532,10 +532,6 @@
# system/core/fs_mgr/fs_mgr.c - fs_mgr_swapon_all
allow init swap_block_device:blk_file rw_file_perms;
-# Read from /dev/hw_random if present.
-# system/core/init/init.c - mix_hwrng_into_linux_rng_action
-allow init hw_random_device:chr_file r_file_perms;
-
# Create and access /dev files without a specific type,
# e.g. /dev/.coldboot_done, /dev/.booting
# TODO: Move these files into their own type unless they are