Make kmsg_device mlstrustedobject.
Few domains are granted access to this, but they should have access
from any user.
Also add some neverallows to prevent misuse.
Bug: 170622707
Test: presubmits
Change-Id: Iacbe7b0525604f2339f8bf31c105af738bc3cd75
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 3586fff..cf0fa67 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -19,6 +19,9 @@
# Receive or send generic netlink messages
neverallow all_untrusted_apps domain:netlink_socket *;
+# Read or write kernel printk buffer
+neverallow all_untrusted_apps kmsg_device:chr_file no_rw_file_perms;
+
# Too much leaky information in debugfs. It's a security
# best practice to ensure these files aren't readable.
neverallow all_untrusted_apps { debugfs_type -debugfs_kcov }:file read;
diff --git a/private/priv_app.te b/private/priv_app.te
index c718574..07ed6c7 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -170,6 +170,9 @@
# Receive or send generic netlink messages
neverallow priv_app domain:netlink_socket *;
+# Read or write kernel printk buffer
+neverallow priv_app kmsg_device:chr_file no_rw_file_perms;
+
# Too much leaky information in debugfs. It's a security
# best practice to ensure these files aren't readable.
neverallow priv_app debugfs:file read;
diff --git a/public/device.te b/public/device.te
index 4282a25..58c8883 100644
--- a/public/device.te
+++ b/public/device.te
@@ -29,7 +29,7 @@
type mtp_device, dev_type, mlstrustedobject;
type nfc_device, dev_type;
type ptmx_device, dev_type, mlstrustedobject;
-type kmsg_device, dev_type;
+type kmsg_device, dev_type, mlstrustedobject;
type kmsg_debug_device, dev_type;
type null_device, dev_type, mlstrustedobject;
type random_device, dev_type, mlstrustedobject;