sepolicy: restrict BINDER_FREEZE to system_server

BINDER_FREEZE is used to block ipc transactions to frozen processes, so
only system_server must be allowed to use it.

Bug: 143717177
Test: manually verified that attempts to use BINDER_FREEZE by processes other
than system_server receive a sepolicy denial
Test: verified that system_server can enable/disable the freezer in binder

Change-Id: I0fae3585c6ec409809e8085c1cc9862be4755889
diff --git a/private/system_server.te b/private/system_server.te
index 8191b6a..c29661e 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1012,6 +1012,9 @@
 
 get_prop(system_server, wifi_config_prop)
 
+# Only system server can access BINDER_FREEZE
+allowxperm system_server binder_device:chr_file ioctl { BINDER_FREEZE };
+
 ###
 ### Neverallow rules
 ###
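Review bot: the new `allowxperm system_server binder_device:chr_file ioctl { BINDER_FREEZE };` only extends an existing ioctl permission and relies on the `BINDER_FREEZE` ioctl number already being defined in the policy's ioctl definitions; neither the base `allow system_server binder_device:chr_file ... ioctl` rule nor the definition of `BINDER_FREEZE` is visible in this hunk, so please confirm both exist (or add the definition in the same change), otherwise the policy will not compile or the rule will have no effect.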
@@ -1230,3 +1233,7 @@
   -dumpstate
   -system_server
 } wifi_config_prop:file no_rw_file_perms;
+
+# BINDER_FREEZE is used to block ipc transactions to frozen processes, so it
+# can be accessed by system_server only (b/143717177)
+neverallowxperm { domain -system_server } binder_device:chr_file ioctl { BINDER_FREEZE };
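Review bot: the `neverallowxperm { domain -system_server } binder_device:chr_file ioctl { BINDER_FREEZE };` rule is the part that actually enforces the restriction at policy build time, so any other domain that later gains an explicit `allowxperm` for `BINDER_FREEZE` will fail compilation rather than silently succeed; that is the desired outcome here, but the commit message only lists manual runtime checks, so consider stating in the description that the neverallowxperm is the primary enforcement and that the runtime denial observed for non-system_server processes is the expected behaviour for domains without an xperm grant.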