Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 9f5d0d90a3a5b479c19fda7b528471f16b773546^! / . / private / mls
commit9f5d0d90a3a5b479c19fda7b528471f16b773546[log] [tgz]
authorJeff Vander Stoep <jeffv@google.com>Tue Jan 29 14:43:45 2019 -0800
committerJeffrey Vander Stoep <jeffv@google.com>Wed Jan 30 19:11:49 2019 +0000
tree1a644302a81b66ce2032854e39ba8f7ab6f0884b
parent37ab42e54265ec902cb63d623c41e8ef5717020b [diff] [blame]
Initial selinux policy support for memfd

Move all app tmpfs types to appdomain_tmpfs. These are still protected
by mls categories and DAC. TODO clean up other app tmpfs types in a
separate change.

Treble-ize tmpfs passing between graphics composer HAL and
surfaceflinger.

Bug: 122854450
Test: boot Blueline with memfd enabled.
Change-Id: Ib98aaba062f10972af6ae80fb85b7a0f60a32eee

diff --git a/private/mls b/private/mls
index 421b046..9690440 100644
--- a/private/mls
+++ b/private/mls

@@ -57,14 +57,14 @@
 mlsconstrain dir { open search setattr rename add_name remove_name reparent rmdir }
 	     ( (t2 != app_data_file and t2 != privapp_data_file ) or l1 dom l2 or t1 == mlstrustedsubject);
 mlsconstrain { file sock_file } { open setattr unlink link rename }
-	     ( (t2 != app_data_file and t2 != privapp_data_file and t2 != priv_app_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
+	     ( (t2 != app_data_file and t2 != privapp_data_file and t2 != appdomain_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
 # For symlinks in app_data_file, require equivalence in order to manipulate or follow (read).
 mlsconstrain { lnk_file } { open setattr unlink link rename read }
 	     ( (t2 != app_data_file) or l1 eq l2 or t1 == mlstrustedsubject);
 # For priv_app_data_file, continue to use dominance for symlinks because dynamite relies on this.
 # TODO: Migrate to equivalence when it's no longer needed.
 mlsconstrain { lnk_file } { open setattr unlink link rename read }
-	     ( (t2 != privapp_data_file and t2 != priv_app_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
+	     ( (t2 != privapp_data_file and t2 != appdomain_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
 
 #
 # Constraints for file types other than app data files.
@@ -76,7 +76,7 @@
 	     (t2 == app_data_file or t2 == privapp_data_file or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
 
 mlsconstrain { file lnk_file sock_file chr_file blk_file } { read getattr execute }
-	     (t2 == app_data_file or t2 == privapp_data_file or t2 == priv_app_tmpfs or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+	     (t2 == app_data_file or t2 == privapp_data_file or t2 == appdomain_tmpfs or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
 
 # Write operations: Subject must be equivalent to the object unless the
 # subject or the object is trusted.
@@ -84,7 +84,7 @@
 	     (t2 == app_data_file or t2 == privapp_data_file or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
 
 mlsconstrain { file lnk_file sock_file chr_file blk_file } { write setattr append unlink link rename }
-	     (t2 == app_data_file or t2 == privapp_data_file or t2 == priv_app_tmpfs or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+	     (t2 == app_data_file or t2 == privapp_data_file or t2 == appdomain_tmpfs or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
 
 # Special case for FIFOs.
 # These can be unnamed pipes, in which case they will be labeled with the