Merge "rild: Remove toolbox_exec perms"
diff --git a/app.te b/app.te
index bc42465..94dcfc5 100644
--- a/app.te
+++ b/app.te
@@ -396,3 +396,6 @@
   security_file
   tmpfs
 }:lnk_file no_w_file_perms;
+
+# Do not allow Apps to directly open tun_device
+neverallow appdomain tun_device:chr_file open;
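Review bot: The new neverallow on line 12 forbids only `open`, so it says nothing about reading or writing a tun_device descriptor that some other domain opened and handed to an app; if that is the intended split (the system opens the interface, the app only uses the inherited fd), the comment should state it so the narrow permission set is not later "fixed" into a wider one. Suggest `# Do not allow Apps to directly open tun_device; an fd opened by another domain and passed in is still usable.` It is also worth noting in the comment that this rule supersedes the untrusted_app-only neverallow removed in untrusted_app.te, since the bluetooth.te hunk in the same change removes the last appdomain user that blocked the wider rule.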
diff --git a/bluetooth.te b/bluetooth.te
index 826856c..c509757 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -16,12 +16,7 @@
 # bluetooth factory file accesses.
 r_dir_file(bluetooth, bluetooth_efs_file)
 
-# TODO why does bluetooth require access to tun_device? If not,
-# remove access and tighten down neverallow rule so that appdomain is
-# not allowed to open (as opposed to just untrusted_app)
-# Device accesses. b/24744295
-allow bluetooth { tun_device uhid_device hci_attach_dev }:chr_file rw_file_perms;
-auditallow bluetooth tun_device:chr_file rw_file_perms;
+allow bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
 
 # sysfs access.
 allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
diff --git a/bootanim.te b/bootanim.te
index 9e04c04..ee5bcae 100644
--- a/bootanim.te
+++ b/bootanim.te
@@ -1,5 +1,5 @@
 # bootanimation oneshot service
-type bootanim, domain, domain_deprecated;
+type bootanim, domain;
 type bootanim_exec, exec_type, file_type;
 
 init_daemon_domain(bootanim)
@@ -17,3 +17,24 @@
 allow bootanim audio_device:chr_file rw_file_perms;
 
 allow bootanim surfaceflinger_service:service_manager find;
+
+# For /acct/uid/*/tasks.
+allow bootanim cgroup:dir { search write };
+allow bootanim cgroup:file w_file_perms;
+
+# debugfs access
+allow bootanim debugfs:dir r_dir_perms;
+allow bootanim debugfs:file w_file_perms;
+
+# Allow access to ion memory allocation device
+allow bootanim ion_device:chr_file rw_file_perms;
+
+# Read access to pseudo filesystems.
+r_dir_file(bootanim, proc)
+r_dir_file(bootanim, sysfs)
+r_dir_file(bootanim, sysfs_devices_system_cpu)
+r_dir_file(bootanim, cgroup)
+allow bootanim proc_cpuinfo:file r_file_perms;
+
+# System file accesses.
+allow bootanim system_file:dir r_dir_perms;
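Review bot: The `# debugfs access` comment on line 51 does not say which debugfs node bootanim needs, and `allow bootanim debugfs:file w_file_perms;` on line 53 is a write grant to every file under debugfs, which is the kind of rule that cannot be tightened later without the original reason. Since this hunk is the explicit replacement for the `domain_deprecated` attribute dropped in the earlier bootanim.te hunk, each group should name its path the way the cgroup block on line 47 does, e.g. `# debugfs access (TODO: record the node written; narrow to a dedicated type if one exists)`. The same applies to `r_dir_file(bootanim, proc)` on line 59, which is broader than the `proc_cpuinfo` rule beneath it suggests is needed, though the actual requirement is not visible from this hunk.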
diff --git a/device.te b/device.te
index b1b4582..6457017 100644
--- a/device.te
+++ b/device.te
@@ -54,6 +54,7 @@
 type usb_device, dev_type, mlstrustedobject;
 type klog_device, dev_type;
 type properties_device, dev_type;
+type properties_serial, dev_type;
 type i2c_device, dev_type;
 
 # All devices have a uart for the hci
diff --git a/domain.te b/domain.te
index 2d11bf7..02b884f 100644
--- a/domain.te
+++ b/domain.te
@@ -76,7 +76,14 @@
 allow domain alarm_device:chr_file r_file_perms;
 allow domain urandom_device:chr_file rw_file_perms;
 allow domain random_device:chr_file rw_file_perms;
-allow domain properties_device:file r_file_perms;
+allow domain properties_device:dir r_dir_perms;
+allow domain properties_serial:file r_file_perms;
+
+# For now, everyone can access all property files
+get_prop(domain, property_type)
+dontaudit domain property_type:file audit_access;
+allow domain property_contexts:file r_file_perms;
+
 allow domain init:key search;
 allow domain vold:key search;
 
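Review bot: The `# For now, everyone can access all property files` comment on line 91 marks `get_prop(domain, property_type)` as temporary but gives no condition for removing it, and a blanket grant on an attribute tends to outlive the transition it was added for. Suggest `# TODO: replace with per-domain get_prop() grants once property types are split; until then every domain can read every property file.` The `dontaudit` on line 93 silences only `audit_access`, so denials of other permissions on property files will still appear in the audit log, which is useful input for that later per-domain tightening.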
diff --git a/file.te b/file.te
index 1d444dd..9251741 100644
--- a/file.te
+++ b/file.te
@@ -192,6 +192,9 @@
 # UART (for GPS) control proc file
 type gps_control, file_type;
 
+# property_contexts file
+type property_contexts, file_type;
+
 # Allow files to be created in their appropriate filesystems.
 allow fs_type self:filesystem associate;
 allow sysfs_type sysfs:filesystem associate;
diff --git a/file_contexts b/file_contexts
index a74f8f8..152dfb4 100644
--- a/file_contexts
+++ b/file_contexts
@@ -34,7 +34,7 @@
 
 # SELinux policy files
 /file_contexts\.bin u:object_r:rootfs:s0
-/property_contexts  u:object_r:rootfs:s0
+/property_contexts  u:object_r:property_contexts:s0
 /seapp_contexts     u:object_r:rootfs:s0
 /sepolicy           u:object_r:rootfs:s0
 /service_contexts   u:object_r:rootfs:s0
diff --git a/init.te b/init.te
index e6c7825..d07c5a7 100644
--- a/init.te
+++ b/init.te
@@ -14,8 +14,9 @@
 # /dev/socket
 allow init { device socket_device }:dir relabelto;
 # /dev/__properties__
-allow init tmpfs:file relabelfrom;
-allow init properties_device:file relabelto;
+allow init properties_device:dir relabelto;
+allow init properties_serial:file { write relabelto };
+allow init property_type:file { create_file_perms relabelto };
 
 # setrlimit
 allow init self:capability sys_resource;
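Review bot: Lines 136–138 grant init `relabelto` on `properties_device:dir`, `properties_serial:file` and `property_type:file` while the same hunk drops the `tmpfs:file relabelfrom` that previously paired with the old `properties_device:file relabelto`; a `relabelto` can only be exercised together with a `relabelfrom` on the source label, which this hunk no longer shows. If init now sets the creation context before creating these files, the `relabelto` grants look unused and the comment on line 133 should say the files are created pre-labelled; if init still relabels after creation, the source-label `relabelfrom` is missing and the relabel will presumably be denied. Either way the comment should state which, e.g. `# /dev/__properties__: property files are created with their final property_type label`, and the enclosing rule group continues outside the hunk.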
diff --git a/priv_app.te b/priv_app.te
index a92b6eb..2ff9a37 100644
--- a/priv_app.te
+++ b/priv_app.te
@@ -60,6 +60,10 @@
   allow priv_app perfprofd_data_file:dir r_dir_perms;
 ')
 
+# Allow GMS core to stat files and executables on
+# the system partition
+allow priv_app exec_type:file getattr;
+
 ###
 ### neverallow rules
 ###
diff --git a/property.te b/property.te
index 07b5091..9e97b60 100644
--- a/property.te
+++ b/property.te
@@ -30,3 +30,5 @@
 type nfc_prop, property_type;
 type dalvik_prop, property_type;
 type config_prop, property_type;
+
+allow property_type tmpfs:filesystem associate;
diff --git a/shell.te b/shell.te
index a02fbd0..90b12d8 100644
--- a/shell.te
+++ b/shell.te
@@ -52,6 +52,7 @@
 allow shell console_device:chr_file rw_file_perms;
 allow shell input_device:dir r_dir_perms;
 allow shell input_device:chr_file rw_file_perms;
+r_dir_file(shell, system_file)
 allow shell system_file:file x_file_perms;
 allow shell toolbox_exec:file rx_file_perms;
 allow shell shell_exec:file rx_file_perms;
@@ -71,6 +72,7 @@
 # Directory read access and file write access is already granted
 # in domain.te.
 allow shell debugfs:file r_file_perms;
+allow shell debugfs:dir search;
 allow shell atrace_exec:file rx_file_perms;
 
 userdebug_or_eng(`
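Review bot: Line 183 adds `allow shell debugfs:dir search;` directly under a comment (lines 180–181) stating that directory read access to debugfs is already granted in domain.te, so one of the two is now wrong. If domain.te no longer provides it (for example because that grant came through an attribute this series is removing from domains), the comment should be updated to say that only file read is inherited; if it still does, the new rule is redundant, since `search` is already part of `r_dir_perms`. Suggest `# File write access is granted in domain.te; directory search is added here because shell needs to traverse debugfs itself.` if the former is the case.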
@@ -97,6 +99,10 @@
 # allow shell to read /proc/pid/attr/current for ps -Z
 allow shell domain:process getattr;
 
+# Allow pulling the SELinux policy for CTS purposes
+allow shell selinuxfs:dir r_dir_perms;
+allow shell selinuxfs:file r_file_perms;
+
 # enable shell domain to read/write files/dirs for bootchart data
 # User will creates the start and stop file via adb shell
 # and read other files created by init process under /data/bootchart
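Review bot: The comment on line 191 says the grant is for pulling the SELinux policy, but `allow shell selinuxfs:file r_file_perms;` on line 193 covers every file under selinuxfs, not just the policy node, and no narrower type exists in this hunk to scope it. If the broad read is intended, the comment should say so, e.g. `# Allow reading all of selinuxfs (policy, booleans, enforce status) for CTS`; if only the policy file is needed, a dedicated file type for that node would keep the shell grant minimal and make the CTS dependency explicit.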
@@ -113,3 +119,6 @@
 # bugs, so we want to ensure the shell user never has this
 # capability.
 neverallow shell file_type:file link;
+
+# Allow access to ion memory allocation device.
+allow shell ion_device:chr_file { open read };
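Review bot: Line 204 grants shell `{ open read }` on `ion_device:chr_file` under a comment describing it as access to the memory allocation device, but allocation on that device is ioctl-driven, so open and read without `ioctl` only permit opening and reading the node. If that restriction is deliberate (a tool that merely needs to open the device), the comment should say what the read is for and that `ioctl` is intentionally excluded, e.g. `# Allow shell to open/read the ion device for <tool>; ioctl (allocation) is deliberately not granted.`; if not, the rule as written presumably will not satisfy the use case that motivated it.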
diff --git a/te_macros b/te_macros
index 1936ffb..37b33a9 100644
--- a/te_macros
+++ b/te_macros
@@ -153,6 +153,15 @@
 ')
 
 #####################################
+# get_prop(sourcedomain, targetproperty)
+# Allows source domain to read the
+# targetproperty.
+#
+define(`get_prop', `
+allow $1 $2:file r_file_perms;
+')
+
+#####################################
 # unix_socket_send(clientdomain, socket, serverdomain)
 # Allow a local socket send from clientdomain via
 # socket to serverdomain.
diff --git a/untrusted_app.te b/untrusted_app.te
index 0e71546..df9c677 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -145,9 +145,6 @@
 # Do not allow untrusted_app to access network MAC address file
 neverallow untrusted_app sysfs_mac_address:file no_rw_file_perms;
 
-# Do not allow untrusted app to directly open tun_device
-neverallow untrusted_app tun_device:chr_file open;
-
 # Do not allow untrusted_app access to /cache
 neverallow untrusted_app cache_file:dir ~{ r_dir_perms };
 neverallow untrusted_app cache_file:file ~{ read getattr };