bpfdomain: attribute for domain which can use BPF

Require all domains which can be used for BPF to be marked as
bpfdomain, and add a restriction for these domains to not
be able to use net_raw or net_admin. We want to make sure the
network stack has exclusive access to certain BPF attach
points.

Bug: 140330870
Bug: 162057235
Test: build (compile-time neverallows)
Change-Id: I29100e48a757fdcf600931d5eb42988101275325
diff --git a/private/system_server.te b/private/system_server.te
index 79817ef..9de6cae 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -8,6 +8,7 @@
 typeattribute system_server scheduler_service_server;
 typeattribute system_server sensor_service_server;
 typeattribute system_server stats_service_server;
+typeattribute system_server bpfdomain;
 
 # Define a type for tmpfs-backed ashmem regions.
 tmpfs_domain(system_server)
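
Review bot: The added `typeattribute system_server bpfdomain;` line has no comment saying what system_server uses BPF for, unlike the `tmpfs_domain(system_server)` line just below it, which is annotated. Since the commit message makes bpfdomain a gate on BPF access, a one-line comment above the new line naming that use would let a later reader judge whether the attribute is still needed. The commit message also says bpfdomain domains must not use net_raw or net_admin, but the attribute declaration and the neverallow rules are not in this hunk; please confirm they land in the same change, so that the "compile-time neverallows" test actually covers system_server.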