Add SEPolicy for PRNG seeder daemon. Manual testing protocol: * Verify prng_seeder daemon is running and has the correct label (via ps -Z) * Verify prng_seeder socket present and has correct label (via ls -Z) * Verify no SELinux denials * strace a libcrypto process and verify it reads seeding data from prng_seeder (e.g. strace bssl rand -hex 1024) * strace seeder daemon to observe incoming connections (e.g. strace -f -p `pgrep prng_seeder`) * Kill daemon, observe that init restarts it * strace again and observe clients now seed from new instance Bug: 243933553 Test: Manual - see above Change-Id: I0a7e339115a2cf6b819730dcf5f8b189a339c57d

commit: e6da3b80d139d01ca36a96514dc0a0483b5dfc8d [log] [tgz]
author: Pete Bentley <prb@google.com> Fri Sep 16 15:31:39 2022 +0100
committer: Pete Bentley <prb@google.com> Thu Sep 22 15:13:20 2022 +0000
tree: 19ade84b368358f8b8d2d9031627ffeb3eb955e3
parent: 397e5765e353f0e0bbf2103d133885d9119d2de7 [diff] [blame]
diff --git a/private/file.te b/private/file.te
index 3f5531f..60e2274 100644
--- a/private/file.te
+++ b/private/file.te

@@ -120,3 +120,8 @@
 # This executable does not have its own domain because it is executed in the caller's domain. For
 # example, it is executed in the `artd` domain when artd calls it.
 type art_exec_exec, system_file_type, exec_type, file_type;
+
+# Filesystem entry for for PRNG seeder socket.  Processes require
+# write permission on this to connect, and needs to be mlstrustedobject
+# in to satisfy MLS constraints for trusted domains.
+type prng_seeder_socket, file_type, coredomain_socket, mlstrustedobject;
commit	e6da3b80d139d01ca36a96514dc0a0483b5dfc8d	[log] [tgz]
author	Pete Bentley <prb@google.com>	Fri Sep 16 15:31:39 2022 +0100
committer	Pete Bentley <prb@google.com>	Thu Sep 22 15:13:20 2022 +0000
tree	19ade84b368358f8b8d2d9031627ffeb3eb955e3
parent	397e5765e353f0e0bbf2103d133885d9119d2de7 [diff] [blame]