Merge "appdomain: neverallow direct input_device access"
diff --git a/device.te b/device.te
index e3ddb95..e4a792e 100644
--- a/device.te
+++ b/device.te
@@ -51,7 +51,6 @@
type tun_device, dev_type, mlstrustedobject;
type usbaccessory_device, dev_type, mlstrustedobject;
type usb_device, dev_type, mlstrustedobject;
-type klog_device, dev_type;
type properties_device, dev_type;
type properties_serial, dev_type;
type i2c_device, dev_type;
diff --git a/dumpstate.te b/dumpstate.te
index 4a475d1..08dcb4d 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -142,3 +142,5 @@
allow dumpstate debugfs_tracing:file rw_file_perms;
allow dumpstate debugfs_trace_marker:file getattr;
allow dumpstate atrace_exec:file rx_file_perms;
+
+allow dumpstate proc_interrupts:file r_file_perms;
diff --git a/file.te b/file.te
index 7b6b4a9..628c237 100644
--- a/file.te
+++ b/file.te
@@ -13,10 +13,13 @@
type qtaguid_proc, fs_type, mlstrustedobject;
type proc_bluetooth_writable, fs_type;
type proc_cpuinfo, fs_type;
+type proc_interrupts, fs_type;
type proc_iomem, fs_type;
type proc_meminfo, fs_type;
type proc_net, fs_type;
+type proc_stat, fs_type;
type proc_sysrq, fs_type;
+type proc_timer, fs_type;
type proc_uid_cputime_showstat, fs_type;
type proc_uid_cputime_removeuid, fs_type;
type selinuxfs, fs_type, mlstrustedobject;
diff --git a/file_contexts b/file_contexts
index 5089183..39c006d 100644
--- a/file_contexts
+++ b/file_contexts
@@ -136,7 +136,6 @@
/dev/watchdog u:object_r:watchdog_device:s0
/dev/xt_qtaguid u:object_r:qtaguid_device:s0
/dev/zero u:object_r:zero_device:s0
-/dev/__kmsg__ u:object_r:klog_device:s0
/dev/__properties__ u:object_r:properties_device:s0
#############################
# System files
diff --git a/genfs_contexts b/genfs_contexts
index 81749fd..57b967c 100644
--- a/genfs_contexts
+++ b/genfs_contexts
@@ -2,11 +2,14 @@
genfscon rootfs / u:object_r:rootfs:s0
# proc labeling can be further refined (longest matching prefix).
genfscon proc / u:object_r:proc:s0
+genfscon proc /interrupts u:object_r:proc_interrupts:s0
genfscon proc /iomem u:object_r:proc_iomem:s0
genfscon proc /meminfo u:object_r:proc_meminfo:s0
genfscon proc /net u:object_r:proc_net:s0
genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon proc /softirqs u:object_r:proc_timer:s0
+genfscon proc /stat u:object_r:proc_stat:s0
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
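Review bot: Giving /proc/interrupts, /proc/softirqs and /proc/stat their own types here (and /proc/timer_list and /proc/timer_stats in the next hunk) takes them out of whatever access domains had through the generic `proc` type. This diff adds replacement rules only for dumpstate, init, shell and system_server, so any other domain that read these files will presumably start logging denials. Check the audit log on a full boot before relying on this, and add any missing access as explicit per-domain rules. Separately, `/softirqs` is labelled `proc_timer`, which the type name does not suggest; a comment such as `# proc_timer covers timer and softirq state: /proc/timer_list, /proc/timer_stats, /proc/softirqs` above these entries would show the grouping is deliberate.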
@@ -24,6 +27,8 @@
genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
+genfscon proc /timer_list u:object_r:proc_timer:s0
+genfscon proc /timer_stats u:object_r:proc_timer:s0
genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
diff --git a/init.te b/init.te
index 8895985..ff029ab 100644
--- a/init.te
+++ b/init.te
@@ -198,6 +198,9 @@
# Write to /proc/sysrq-trigger.
allow init proc_sysrq:file w_file_perms;
+# Read /proc/stat for bootchart.
+allow init proc_stat:file r_file_perms;
+
# Reboot.
allow init self:capability sys_boot;
diff --git a/kernel.te b/kernel.te
index 05aaf83..adab085 100644
--- a/kernel.te
+++ b/kernel.te
@@ -41,8 +41,7 @@
allow kernel self:capability sys_boot;
allow kernel proc_sysrq:file w_file_perms;
-# Allow writing to /dev/__kmsg__ which was created prior to
-# loading policy
+# Allow writing to /dev/kmsg which was created prior to loading policy.
allow kernel tmpfs:chr_file write;
# Set checkreqprot by init.rc prior to switching to init domain.
diff --git a/shell.te b/shell.te
index c263f0c..afa4c91 100644
--- a/shell.te
+++ b/shell.te
@@ -89,7 +89,10 @@
# allow shell to look through /proc/ for ps, top, netstat
r_dir_file(shell, proc)
r_dir_file(shell, proc_net)
+allow shell proc_interrupts:file r_file_perms;
allow shell proc_meminfo:file r_file_perms;
+allow shell proc_stat:file r_file_perms;
+allow shell proc_timer:file r_file_perms;
r_dir_file(shell, cgroup)
allow shell domain:dir { search open read getattr };
allow shell domain:{ file lnk_file } { open read getattr };
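Review bot: The three added `allow shell ...:file r_file_perms;` rules give the adb shell back read access to all of the newly separated proc types, but the comment above them only justifies ps, top and netstat. Those tools plausibly need `proc_stat`; `proc_interrupts` and `proc_timer` expose system-wide interrupt and timer activity, which is presumably the data the new types are meant to fence off. If shell really needs them for debugging, say so next to the rules, e.g. `# /proc/interrupts and /proc/timer_list are read during adb debugging`. Otherwise drop those two lines and keep only `allow shell proc_stat:file r_file_perms;`.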
diff --git a/system_server.te b/system_server.te
index a84812a..cb06d6d 100644
--- a/system_server.te
+++ b/system_server.te
@@ -59,6 +59,9 @@
# Trigger module auto-load.
allow system_server kernel:system module_request;
+# Allow alarmtimers to be set
+allow system_server self:capability2 wake_alarm;
+
# Use netlink uevent sockets.
allow system_server self:netlink_kobject_uevent_socket create_socket_perms;
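Review bot: The comment on the new `allow system_server self:capability2 wake_alarm;` rule does not name the component or interface that needs it, so a later audit cannot tell whether the grant is still required. Capability grants to system_server are worth documenting precisely. A wording like `# Arm wakeup alarm timers (CAP_WAKE_ALARM); used by <component, to be confirmed by the author>.` would do.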
@@ -98,6 +101,9 @@
# Write to /proc/sysrq-trigger.
allow system_server proc_sysrq:file rw_file_perms;
+# Read /proc/stat for CPU usage statistics
+allow system_server proc_stat:file r_file_perms;
+
# Read /sys/kernel/debug/wakeup_sources.
allow system_server debugfs:file r_file_perms;
diff --git a/te_macros b/te_macros
index 9600b52..ec97b3f 100644
--- a/te_macros
+++ b/te_macros
@@ -233,22 +233,6 @@
')
#####################################
-# selinux_setenforce(domain)
-# Allow domain to set SELinux to enforcing.
-define(`selinux_setenforce', `
-allow $1 selinuxfs:file rw_file_perms;
-allow $1 kernel:security setenforce;
-')
-
-#####################################
-# selinux_setbool(domain)
-# Allow domain to set SELinux booleans.
-define(`selinux_setbool', `
-allow $1 selinuxfs:file rw_file_perms;
-allow $1 kernel:security setbool;
-')
-
-#####################################
# create_pty(domain)
# Allow domain to create and use a pty, isolated from any other domain ptys.
define(`create_pty', `
diff --git a/ueventd.te b/ueventd.te
index ec7e9a1..f1576e7 100644
--- a/ueventd.te
+++ b/ueventd.te
@@ -3,10 +3,8 @@
type ueventd, domain, domain_deprecated;
tmpfs_domain(ueventd)
-# TODO: why is ueventd using __kmsg__ when it should just create
-# and use /dev/kmsg instead?
-type_transition ueventd device:chr_file klog_device "__kmsg__";
-allow ueventd klog_device:chr_file { create open write unlink };
+# Write to /dev/kmsg.
+allow ueventd kmsg_device:chr_file rw_file_perms;
allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
allow ueventd device:file create_file_perms;
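Review bot: The new rule grants `rw_file_perms` on `kmsg_device` while its comment says ueventd only writes to /dev/kmsg, and the rule it replaces had no read permission (`{ create open write unlink }`). Read access to /dev/kmsg exposes the kernel log, so the grant should match the stated need: `allow ueventd kmsg_device:chr_file w_file_perms;`. `kmsg_device` is not declared anywhere in this diff; it is presumably defined already in device.te and file_contexts, which is worth confirming since `klog_device` is removed in the same change.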