commit 766caba5deef2ee02ac8aa1d406a7dab4735dfe1
author Alan Stokes <alanstokes@google.com> Mon Feb 14 14:33:37 2022 +0000
committer Alan Stokes <alanstokes@google.com> Thu Feb 17 12:14:40 2022 +0000
tree 14cb90526165c08e59bf9e639e0a50f6dd067100
parent 8817edcbb47a8681dd6a3644ea9368f1581ba8a8

Modify sepolicy for compos key changes

Add the compos_key_helper domain for the process which has access to
the signing key, make sure it can't be crashdumped. Also extend that
protection to diced & its HAL.

Rename compos_verify_key to compos_verify, because it doesn't verify
keys any more.

Move exec types used by Microdroid to file.te in the host rather than
their own dedicated files.

Bug: 218494522
Test: atest CompOsSigningHostTest CompOsDenialHostTest
Change-Id: I942667355d8ce29b3a9eb093e0b9c4f6ee0df6c1

microdroid/system/private/compos.te

diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
index d9edb67..c9fc32c 100644
--- a/microdroid/system/private/compos.te
+++ b/microdroid/system/private/compos.te
@@ -30,5 +30,10 @@
 # See b/35323867#comment3
 dontaudit compos self:global_capability_class_set dac_override;
 
-# Allow domain transition into odrefresh.
+# Allow running odrefresh in its own domain
 domain_auto_trans(compos, odrefresh_exec, odrefresh)
+
+# Allow running compos_key_helper in its own domain
+domain_auto_trans(compos, compos_key_helper_exec, compos_key_helper)
+# And killing it on error
+allow compos compos_key_helper:process sigkill;