Merge "Add SeLinux policy for hostapd AIDL service."
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 9d9e758..b5fc793 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -11,6 +11,8 @@
     hal_tv_tuner_service
     hal_wifi_hostapd_service
     power_stats_service
+    snapuserd_prop
+    snapuserd_proxy_socket
     tare_service
     transformer_service
     proc_watermark_boost_factor
diff --git a/private/crosvm.te b/private/crosvm.te
index 42e5181..7426ef9 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -24,6 +24,7 @@
   staging_data_file
   apk_data_file
   app_data_file
+  apex_compos_data_file
   userdebug_or_eng(`shell_data_file')
 }:file { getattr read ioctl lock };
 
@@ -49,6 +50,7 @@
 allow crosvm {
   virtualizationservice_data_file
   app_data_file
+  apex_compos_data_file
 }:file write;
 
 # Allow crosvm to pipe console log to shell or app which could be the owner of a VM.
diff --git a/private/file_contexts b/private/file_contexts
index c9b7c69..a5dd5a6 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -162,6 +162,7 @@
 /dev/socket/rild	u:object_r:rild_socket:s0
 /dev/socket/rild-debug	u:object_r:rild_debug_socket:s0
 /dev/socket/snapuserd u:object_r:snapuserd_socket:s0
+/dev/socket/snapuserd_proxy u:object_r:snapuserd_proxy_socket:s0
 /dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
 /dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
 /dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
diff --git a/private/property.te b/private/property.te
index 3e48962..671a24a 100644
--- a/private/property.te
+++ b/private/property.te
@@ -30,6 +30,7 @@
 system_internal_prop(profcollectd_node_id_prop)
 system_internal_prop(rollback_test_prop)
 system_internal_prop(setupwizard_prop)
+system_internal_prop(snapuserd_prop)
 system_internal_prop(system_adbd_prop)
 system_internal_prop(traced_perf_enabled_prop)
 system_internal_prop(userspace_reboot_log_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 03fce76..7f97281 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -281,10 +281,12 @@
 sys.boot_from_charger_mode  u:object_r:charger_status_prop:s0 exact int
 ro.enable_boot_charger_mode u:object_r:charger_config_prop:s0 exact bool
 
-# Virtual A/B properties
+# Virtual A/B and snapuserd properties
 ro.virtual_ab.enabled   u:object_r:virtual_ab_prop:s0 exact bool
 ro.virtual_ab.retrofit  u:object_r:virtual_ab_prop:s0 exact bool
 ro.virtual_ab.compression.enabled  u:object_r:virtual_ab_prop:s0 exact bool
+snapuserd.ready         u:object_r:snapuserd_prop:s0 exact bool
+snapuserd.proxy_ready   u:object_r:snapuserd_prop:s0 exact bool
 
 ro.product.ab_ota_partitions u:object_r:ota_prop:s0 exact string
 # Property to set/clear the warm reset flag after an OTA update.
diff --git a/private/snapuserd.te b/private/snapuserd.te
index d96b31e..2956891 100644
--- a/private/snapuserd.te
+++ b/private/snapuserd.te
@@ -17,10 +17,24 @@
 allow snapuserd dm_user_device:dir r_dir_perms;
 allow snapuserd dm_user_device:chr_file rw_file_perms;
 
-# Reading and writing to /dev/socket/snapuserd.
+# Reading and writing to /dev/socket/snapuserd and snapuserd_proxy.
 allow snapuserd snapuserd_socket:unix_stream_socket { accept listen getattr read write };
+allow snapuserd snapuserd_proxy_socket:sock_file write;
 
 # This arises due to first-stage init opening /dev/null without F_CLOEXEC
 # (see SetStdioToDevNull in init). When we fork() and execveat() snapuserd
 # again, the descriptor leaks into the new process.
 allow snapuserd kernel:fd use;
+
+# snapuserd.* properties
+set_prop(snapuserd, snapuserd_prop)
+
+# For inotify watching for /dev/socket/snapuserd_proxy to appear.
+allow snapuserd tmpfs:dir read;
+
+# Forbid anything other than snapuserd and init setting snapuserd properties.
+neverallow {
+  domain
+  -snapuserd
+  -init
+} snapuserd_prop:property_service set;
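Review bot: `allow snapuserd tmpfs:dir read;` is justified only by the inotify comment, but /dev/socket is normally labeled socket_device rather than tmpfs, so the rule appears to target the window in which snapuserd runs before /dev has been relabeled, and the comment should say so explicitly because tmpfs:dir read also reaches any other tmpfs-labeled directory the daemon can see; I would expand it to `# snapuserd is started from first-stage init, before /dev is relabeled, so /dev/socket still carries the generic tmpfs label; dir read is what inotify needs to watch for snapuserd_proxy to appear.` (confirm that is the actual reason). The new `snapuserd_proxy_socket:sock_file write` rule covers opening the socket file, but the `unix_stream_socket connectto` rule for whichever domain listens on the proxy socket is not in this hunk; if that listener is init, `allow snapuserd init:unix_stream_socket connectto;` is needed unless it is already granted elsewhere. The updated comment `# Reading and writing to /dev/socket/snapuserd and snapuserd_proxy.` overstates the proxy half, since only sock_file write is granted for it, so `# Serve /dev/socket/snapuserd; connect to /dev/socket/snapuserd_proxy.` would be more accurate. The neverallow on snapuserd_prop is the right shape and is consistent with the set_prop grant above it.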
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 837fc59..f92c94f 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -54,7 +54,11 @@
 # directly as they must be passed over Binder by the client.
 allow virtualizationservice apk_data_file:file { getattr read };
 # Write access is needed for mutable partitions like instance.img
-allow virtualizationservice app_data_file:file { getattr read write };
+allow virtualizationservice {
+  app_data_file
+  apex_compos_data_file
+}:file { getattr read write };
+
 # shell_data_file is used for automated tests and manual debugging.
 allow virtualizationservice shell_data_file:file { getattr read write };
 
diff --git a/public/file.te b/public/file.te
index cf65c7d..2d98bb0 100644
--- a/public/file.te
+++ b/public/file.te
@@ -499,6 +499,7 @@
 type rild_socket, file_type;
 type rild_debug_socket, file_type;
 type snapuserd_socket, file_type, coredomain_socket;
+type snapuserd_proxy_socket, file_type, coredomain_socket;
 type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
 type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
 type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;