Assert untrusted apps can't add or list hwservicemanager This adds a neverallow rules which checks that SELinux app domains which host arbitrary code are not allowed to access hwservicemanager operations other than "find" operation for which there already are strict neverallow rules in the policy. Test: mmm system/sepolicy -- neverallow-only change Bug: 34454312 Change-Id: I3b80c6ae2c254495704e0409e0c5c88f6ce3a6a7

commit: 5c5b6263584e7cfe15abda0ed377113727212e6d [log] [tgz]
author: Alex Klyubin <klyubin@google.com> Mon Apr 24 15:09:19 2017 -0700
committer: Alex Klyubin <klyubin@google.com> Mon Apr 24 15:11:13 2017 -0700
tree: bd2856a3f8fa275e0240643d2c7e465b93e4ad89
parent: 2a7f4fb069a574fb9bd34acbf27ba86cd804005b [diff] [blame]
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 8b53ff5..0f0f577 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te

@@ -108,6 +108,10 @@
 # against privileged system components
 neverallow all_untrusted_apps system_file:file lock;
 
+# Do not permit untrusted apps to perform actions on HwBinder service_manager
+# other than find actions for services listed below
+neverallow all_untrusted_apps *:hwservice_manager ~find;
+
 # Do not permit access from apps which host arbitrary code to HwBinder services,
 # except those considered sufficiently safe for access from such apps.
 # The two main reasons for this are:
commit	5c5b6263584e7cfe15abda0ed377113727212e6d	[log] [tgz]
author	Alex Klyubin <klyubin@google.com>	Mon Apr 24 15:09:19 2017 -0700
committer	Alex Klyubin <klyubin@google.com>	Mon Apr 24 15:11:13 2017 -0700
tree	bd2856a3f8fa275e0240643d2c7e465b93e4ad89
parent	2a7f4fb069a574fb9bd34acbf27ba86cd804005b [diff] [blame]