Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / adaf4fe7a9901c7b3360ef04b4dcb29357977881^1..adaf4fe7a9901c7b3360ef04b4dcb29357977881 / .
commitadaf4fe7a9901c7b3360ef04b4dcb29357977881[log] [tgz]
authorElliott Hughes <enh@google.com>Tue Feb 16 20:08:39 2021 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Tue Feb 16 20:08:39 2021 +0000
tree968c320d8d26baf4493a308a8e150ea3adc6f47c
parent523a649401d8fd3afcea2089e4e0ddfebeabbf64 [diff]
parent5aaf7f34617a24544c154bc18525abcd2762a3a7 [diff]
Merge "init/ueventd and system_server no longer need access to /dev/hw_random."
diff --git a/private/system_server.te b/private/system_server.te
index 27ad51c..a2aa259 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -770,9 +770,6 @@
 allow system_server usb_device:chr_file rw_file_perms;
 allow system_server usb_device:dir r_dir_perms;
 
-# Read from HW RNG (needed by EntropyMixer).
-allow system_server hw_random_device:chr_file r_file_perms;
-
 # Read and delete files under /dev/fscklogs.
 r_dir_file(system_server, fscklogs)
 allow system_server fscklogs:dir { write remove_name };

diff --git a/public/domain.te b/public/domain.te
index 6b29595..81163d1 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -403,13 +403,11 @@
 # that could be set from init.rc.
 neverallow { domain -init } kernel:security setsecparam;
 
-# Only init, ueventd, shell and system_server should be able to access HW RNG
+# Only the kernel hwrng thread should be able to read from the HW RNG.
 neverallow {
   domain
-  -init
-  -shell # For CTS and is restricted to getattr in shell.te
-  -system_server
-  -ueventd
+  -shell # For CTS, restricted to just getattr in shell.te
+  -ueventd # To create the /dev/hw_random file
 } hw_random_device:chr_file *;
 # b/78174219 b/64114943
 neverallow {

diff --git a/public/init.te b/public/init.te
index e546ece..069f17d 100644
--- a/public/init.te
+++ b/public/init.te

@@ -309,7 +309,6 @@
   devpts
   dm_device
   hwbinder_device
-  hw_random_device
   input_device
   kmsg_device
   null_device
@@ -324,6 +323,7 @@
 # chown/chmod on devices.
 allow init {
   dev_type
+  -hw_random_device
   -keychord_device
   -port_device
 }:chr_file setattr;
@@ -533,10 +533,6 @@
 # system/core/fs_mgr/fs_mgr.c - fs_mgr_swapon_all
 allow init swap_block_device:blk_file rw_file_perms;
 
-# Read from /dev/hw_random if present.
-# system/core/init/init.c - mix_hwrng_into_linux_rng_action
-allow init hw_random_device:chr_file r_file_perms;
-
 # Create and access /dev files without a specific type,
 # e.g. /dev/.coldboot_done, /dev/.booting
 # TODO:  Move these files into their own type unless they are