Merge "make unix_socket_connect() for property service a warning"
diff --git a/access_vectors b/access_vectors
index e79ad1b..c280f08 100644
--- a/access_vectors
+++ b/access_vectors
@@ -890,25 +890,22 @@
 
 class keystore_key
 {
-	test
+	get_state
 	get
 	insert
 	delete
 	exist
-	saw
+	list
 	reset
 	password
 	lock
 	unlock
-	zero
+	is_empty
 	sign
 	verify
 	grant
 	duplicate
 	clear_uid
-	reset_uid
-	sync_uid
-	password_uid
 	add_auth
 	user_changed
 }
diff --git a/app.te b/app.te
index af8c508..40de074 100644
--- a/app.te
+++ b/app.te
@@ -185,7 +185,7 @@
 # application inherit logd write socket (urge is to deprecate this long term)
 allow appdomain zygote:unix_dgram_socket write;
 
-allow { appdomain -isolated_app } keystore:keystore_key { test get insert delete exist saw sign verify };
+allow { appdomain -isolated_app } keystore:keystore_key { get_state get insert delete exist list sign verify };
 
 use_keystore({ appdomain -isolated_app })
 
diff --git a/binderservicedomain.te b/binderservicedomain.te
index 82c733d..0bfd33a 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te
@@ -13,6 +13,6 @@
 allow binderservicedomain appdomain:fd use;
 allow binderservicedomain appdomain:fifo_file write;
 
-allow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
+allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
 
 use_keystore(binderservicedomain)
diff --git a/domain.te b/domain.te
index 60f2baa..bd59be1 100644
--- a/domain.te
+++ b/domain.te
@@ -410,3 +410,35 @@
 # from a domain to a non-domain type and vice versa.
 neverallow domain ~domain:process { transition dyntransition };
 neverallow ~domain domain:process { transition dyntransition };
+
+#
+# Only system_app and system_server should be creating or writing
+# their files. The proper way to share files is to setup
+# type transitions to a more specific type or assigning a type
+# to its parent directory via a file_contexts entry.
+# Example type transition:
+#  mydomain.te:file_type_auto_trans(mydomain, system_data_file, new_file_type)
+#
+neverallow {
+  domain
+  -system_server
+  -system_app
+  -init
+  -installd # for relabelfrom and unlink, check for this in explicit neverallow
+} system_data_file:file no_w_file_perms;
+# do not grant anything greater than r_file_perms and relabelfrom unlink
+# to installd
+neverallow installd system_data_file:file ~{ r_file_perms relabelfrom unlink };
+
+#
+# Only these domains should transition to shell domain. This domain is
+# permissible for the "shell user". If you need a process to exec a shell
+# script with differing privilege, define a domain and set up a transition.
+#
+neverallow {
+  domain
+  -adbd
+  -init
+  -runas
+  -zygote
+} shell:process { transition dyntransition };
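Review bot: The first new neverallow constrains only the `file` class on `system_data_file`, so a domain creating or writing directories, symlinks, sockets or FIFOs under a system_data_file-labelled path is not caught, although the comment above it says no other domain should be "creating or writing their files"; either widen the target (e.g. `system_data_file:{ file lnk_file sock_file fifo_file } no_w_file_perms;` plus a separate rule for `dir` with the matching directory write permissions) or narrow the comment to say it covers regular files only. The same comment names system_app and system_server as the only permitted writers while the rule also exempts init with no explanation; a reason comment on the `-init` line, in the style of the existing `-installd # for relabelfrom and unlink ...` line, would keep the comment and the rule in agreement. `no_w_file_perms` is defined outside this diff, so whether it includes `create` and `setattr` could not be checked here. The second neverallow matches its comment.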
diff --git a/perfprofd.te b/perfprofd.te
index c9f7f35..03e55f5 100644
--- a/perfprofd.te
+++ b/perfprofd.te
@@ -47,4 +47,7 @@
   # simpleperf is going to execute "sleep"
   allow perfprofd toolbox_exec:file x_file_perms;
 
+  # needed for simpleperf on some kernels
+  allow perfprofd self:capability ipc_lock;
+
 ')
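Review bot: The comment on the new `allow perfprofd self:capability ipc_lock;` line does not say which kernel behaviour makes the capability necessary, so a later reader cannot tell when it can be dropped. If the reason is that simpleperf's perf_event ring-buffer mmap exceeds RLIMIT_MEMLOCK on those kernels (the limit that CAP_IPC_LOCK bypasses), say so and cite the tracking bug, e.g. `# perf_event ring-buffer mmap needs CAP_IPC_LOCK when it exceeds RLIMIT_MEMLOCK on some kernels (b/<bug-id>)`. Because CAP_IPC_LOCK also lets the domain pin arbitrary amounts of memory via mlock, it is worth recording whether raising RLIMIT_MEMLOCK for perfprofd was considered as the narrower alternative. The m4 block closed by the `')` on the hunk's last line starts outside the hunk.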
diff --git a/system_app.te b/system_app.te
index 811f436..3720c3d 100644
--- a/system_app.te
+++ b/system_app.te
@@ -57,17 +57,17 @@
 allow system_app system_api_service:service_manager find;
 
 allow system_app keystore:keystore_key {
-	test
+	get_state
 	get
 	insert
 	delete
 	exist
-	saw
+	list
 	reset
 	password
 	lock
 	unlock
-	zero
+	is_empty
 	sign
 	verify
 	grant
diff --git a/system_server.te b/system_server.te
index 961ad86..42c3b62 100644
--- a/system_server.te
+++ b/system_server.te
@@ -373,25 +373,22 @@
 allow system_server surfaceflinger_service:service_manager find;
 
 allow system_server keystore:keystore_key {
-	test
+	get_state
 	get
 	insert
 	delete
 	exist
-	saw
+	list
 	reset
 	password
 	lock
 	unlock
-	zero
+	is_empty
 	sign
 	verify
 	grant
 	duplicate
 	clear_uid
-	reset_uid
-	sync_uid
-	password_uid
 	add_auth
 	user_changed
 };