Make /proc/sys/kernel/random available to everyone
Similar to the way we handle /dev/random and /dev/urandom, make
/proc/sys/kernel/random available to everyone.
hostname:/proc/sys/kernel/random # ls -laZ
total 0
dr-xr-xr-x 1 root root u:object_r:proc_random:s0 0 2017-11-20 19:02 .
dr-xr-xr-x 1 root root u:object_r:proc:s0 0 2017-11-20 18:32 ..
-r--r--r-- 1 root root u:object_r:proc_random:s0 0 2017-11-20 19:02 boot_id
-r--r--r-- 1 root root u:object_r:proc_random:s0 0 2017-11-20 19:02 entropy_avail
-r--r--r-- 1 root root u:object_r:proc_random:s0 0 2017-11-20 19:02 poolsize
-rw-r--r-- 1 root root u:object_r:proc_random:s0 0 2017-11-20 19:02 read_wakeup_threshold
-rw-r--r-- 1 root root u:object_r:proc_random:s0 0 2017-11-20 19:02 urandom_min_reseed_secs
-r--r--r-- 1 root root u:object_r:proc_random:s0 0 2017-11-20 19:02 uuid
-rw-r--r-- 1 root root u:object_r:proc_random:s0 0 2017-11-20 19:02 write_wakeup_threshold
boot_id (unique random number per boot) is commonly used by
applications, as is "uuid". As these are random numbers, no sensitive
data is leaked. The other files are useful to allow processes to
understand the state of the entropy pool, and should be fairly benign.
Addresses the following denial:
type=1400 audit(0.0:207): avc: denied { read } for name="boot_id"
dev="proc" ino=76194 scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:proc:s0 tclass=file permissive=0
Bug: 69294418
Test: policy compiles.
Change-Id: Ieeca1c654ec755123e19b4693555990325bd58cf
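The denial quoted above and the allow rules in the diff below are a small instance of a check worth automating: parse the avc line, extract the source type, target type, class and permissions, and test whether a candidate set of .te rules actually covers it. The following Python helper is an added example, not code from this change or from AOSP sepolicy. It assumes simplified expansions of the r_file_perms/r_dir_perms/r_dir_file macros and a constructed membership set for the domain attribute; the denial and policy snippets are constructed from the text of this commit.

```python
import re

# Simplified macro expansions, assumed for this example (the real ones live in
# system/sepolicy global_macros / te_macros and have grown extra perms over time).
PERM_MACROS = {
    "r_file_perms": {"getattr", "open", "read", "ioctl", "lock"},
    "r_dir_perms": {"open", "getattr", "read", "search", "ioctl", "lock"},
}

# Attribute membership, assumed: every process type is a member of 'domain',
# so 'allow domain ...' applies to all of them.
ATTRIBUTES = {
    "domain": {"untrusted_app_25", "update_engine_common", "init", "system_server"},
}

# Constructed from the denial in the commit message, joined onto one line.
DENIAL_BOOT_ID = (
    'type=1400 audit(0.0:207): avc: denied { read } for name="boot_id" '
    'dev="proc" ino=76194 scontext=u:r:untrusted_app_25:s0:c512,c768 '
    'tcontext=u:object_r:proc:s0 tclass=file permissive=0'
)

# Constructed from the hunks below: update_engine-only access before, domain-wide after.
POLICY_BEFORE = "r_dir_file(update_engine_common, proc_random)\n"
POLICY_AFTER = (
    "allow domain proc_random:dir r_dir_perms;\n"
    "allow domain proc_random:file r_file_perms;\n"
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
ALLOW_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(\{[^}]*\}|\w+)\s*;")
RDIRFILE_RE = re.compile(r"r_dir_file\(\s*(\w+)\s*,\s*(\w+)\s*\)")


def type_of(context):
    """Return the type field of a 'user:role:type:sens[:cats]' security context."""
    return context.split(":")[2]


def parse_denial(line):
    """Turn one avc denial line into {perms, stype, ttype, tclass, name}."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError("not an avc denial: %r" % line)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {
        "perms": set(m.group("perms").split()),
        "stype": type_of(fields["scontext"]),
        "ttype": type_of(fields["tcontext"]),
        "tclass": fields["tclass"],
        "name": fields.get("name"),
    }


def expand_perms(token):
    """Expand either a literal '{ a b }' set or a named permission macro."""
    if token.startswith("{"):
        return set(token.strip("{}").split())
    return set(PERM_MACROS[token])


def parse_policy(text):
    """Return (source, target, tclass, perms) tuples from .te-style rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = ALLOW_RE.match(line)
        if m:
            src, tgt, cls, perms = m.groups()
            rules.append((src, tgt, cls, expand_perms(perms)))
            continue
        m = RDIRFILE_RE.match(line)
        if m:  # r_dir_file(a, b) == dir r_dir_perms + file r_file_perms on b
            src, tgt = m.groups()
            rules.append((src, tgt, "dir", set(PERM_MACROS["r_dir_perms"])))
            rules.append((src, tgt, "file", set(PERM_MACROS["r_file_perms"])))
    return rules


def members(name):
    """Types covered by a name: an attribute's members, or the type itself."""
    return ATTRIBUTES.get(name, {name})


def is_covered(denial, rules):
    """True if some rule grants every denied permission for this source/target/class."""
    return any(
        denial["stype"] in members(src) and denial["ttype"] in members(tgt)
        and denial["tclass"] == cls and denial["perms"] <= perms
        for src, tgt, cls, perms in rules
    )


def suggested_rule(denial):
    """Minimal audit2allow-style rule that would silence exactly this denial."""
    return "allow %s %s:%s { %s };" % (
        denial["stype"], denial["ttype"], denial["tclass"], " ".join(sorted(denial["perms"])))


if __name__ == "__main__":
    d = parse_denial(DENIAL_BOOT_ID)
    print(suggested_rule(d))
    print("covered by new rules as logged:", is_covered(d, parse_policy(POLICY_AFTER)))
```

Note what the check turns up on this very denial: it was logged with tcontext=u:object_r:proc:s0, while the rules grant proc_random, so the rules only resolve it once /proc/sys/kernel/random is actually labeled proc_random on the device (as the ls -laZ listing shows). Feeding the same denial with the target relabeled to proc_random, or a write denial on read_wakeup_threshold, shows the grant covering reads only.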
diff --git a/public/domain.te b/public/domain.te
index ab16849..7c53d0c 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -77,6 +77,8 @@
allow domain ptmx_device:chr_file rw_file_perms;
allow domain alarm_device:chr_file r_file_perms;
allow domain random_device:chr_file rw_file_perms;
+allow domain proc_random:dir r_dir_perms;
+allow domain proc_random:file r_file_perms;
allow domain properties_device:dir { search getattr };
allow domain properties_serial:file r_file_perms;
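Review bot: the two new rules grant access to proc_random, but the denial quoted in the commit message was logged against tcontext=u:object_r:proc:s0, not proc_random; please confirm that /proc/sys/kernel/random is labeled proc_random on the affected device (the ls -laZ listing in the message shows it is on at least one), otherwise this hunk will not resolve that denial. The grant is also wider than the denial needs: the failing domain was untrusted_app_25, yet `allow domain proc_random:dir r_dir_perms;` and `allow domain proc_random:file r_file_perms;` hand read access to every domain, and boot_id in particular is a value that stays constant until reboot and is now readable by every app, which makes it usable as a cross-app correlation token for the life of the boot; a sentence in the comment block or the message acknowledging that trade-off (mirroring the random_device rule just above) would help the next reader. On the positive side r_file_perms carries no write permission, so read_wakeup_threshold, urandom_min_reseed_secs and write_wakeup_threshold remain non-writable for these domains.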
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index e275900..eb4cdc1 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -38,9 +38,8 @@
# Allow update_engine_common to suspend, resume and kill the postinstall program.
allow update_engine_common postinstall:process { signal sigstop sigkill };
-# access /proc/cmdline and /proc/sys/kernel/random/
+# access /proc/cmdline
allow update_engine_common proc_cmdline:file r_file_perms;
-r_dir_file(update_engine_common, proc_random)
# Read files in /sys/firmware/devicetree/base/firmware/android/
r_dir_file(update_engine_common, sysfs_dt_firmware_android)
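Review bot: dropping `r_dir_file(update_engine_common, proc_random)` is functionally neutral only because of the domain-wide rules added in public/domain.te in the same change (r_dir_file expands to exactly dir r_dir_perms plus file r_file_perms on the target), but nothing in this file records that dependency; suggest keeping a one-line comment such as "# /proc/sys/kernel/random is readable by all domains, see domain.te" next to the updated `# access /proc/cmdline` comment so a later narrowing of the domain rule does not silently break update_engine_common.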