private/aconfigd.te - android_system_sepolicy - Gitiles

 # aconfigd -- manager for aconfig flags
 type aconfigd, domain, coredomain, mlstrustedsubject;
 type aconfigd_exec, exec_type, file_type, system_file_type;

 init_daemon_domain(aconfigd)

 allow aconfigd metadata_file:dir search;

 allow aconfigd {
     aconfig_storage_metadata_file
     aconfig_storage_flags_metadata_file
 }:dir create_dir_perms;

 allow aconfigd {
     aconfig_storage_metadata_file
     aconfig_storage_flags_metadata_file
 }:file create_file_perms;

 # allow aconfigd to log to the kernel dmesg via a file descriptor
 # passed from init to aconfigd
 allow aconfigd kmsg_device:chr_file write;

 # allow aconfigd to read vendor partition storage files
 allow aconfigd vendor_aconfig_storage_file:file r_file_perms;
 allow aconfigd vendor_aconfig_storage_file:dir r_dir_perms;

 # allow aconfigd to read /apex dir
 allow aconfigd apex_mnt_dir:dir r_dir_perms;
 allow aconfigd apex_mnt_dir:file r_file_perms;
 dontaudit aconfigd apex_info_file:file r_file_perms;

 ###
 ### Neverallow assertions
 ###

 # only init is allowed to enter the aconfigd domain
 neverallow { domain -init } aconfigd:process transition;
 neverallow * aconfigd:process dyntransition;

 # Do not allow write access to boot/map storage files except, aconfigd and aconfigd_mainline.
 # These files are meant to serve flag reads for all processes. They are created by aconfigd (for
 # platform storage files) and aconfigd_mainline (mainline storage files) processes.
 neverallow {
   domain
   -init
   -aconfigd
   -aconfigd_mainline
 } aconfig_storage_metadata_file:dir no_w_dir_perms;
 neverallow {
   domain
   -init
   -aconfigd
   -aconfigd_mainline
 } aconfig_storage_metadata_file:file no_w_file_perms;

 # Only aconfigd and aconfigd_mainline can access persist storage files
 # These files are meant to serve as persist flag value storage, only aconfigd and
 # aconfigd_mainline process should manage them. Other processes should have zero access.
 neverallow {
   domain
   -init
   -aconfigd
   -aconfigd_mainline
 } aconfig_storage_flags_metadata_file:dir *;
 neverallow {
   domain
   -init
   -aconfigd
   -aconfigd_mainline
 } aconfig_storage_flags_metadata_file:file no_rw_file_perms;
	# aconfigd -- manager for aconfig flags
	type aconfigd, domain, coredomain, mlstrustedsubject;
	type aconfigd_exec, exec_type, file_type, system_file_type;

	init_daemon_domain(aconfigd)

	allow aconfigd metadata_file:dir search;

	allow aconfigd {
	aconfig_storage_metadata_file
	aconfig_storage_flags_metadata_file
	}:dir create_dir_perms;

	allow aconfigd {
	aconfig_storage_metadata_file
	aconfig_storage_flags_metadata_file
	}:file create_file_perms;

	# allow aconfigd to log to the kernel dmesg via a file descriptor
	# passed from init to aconfigd
	allow aconfigd kmsg_device:chr_file write;

	# allow aconfigd to read vendor partition storage files
	allow aconfigd vendor_aconfig_storage_file:file r_file_perms;
	allow aconfigd vendor_aconfig_storage_file:dir r_dir_perms;

	# allow aconfigd to read /apex dir
	allow aconfigd apex_mnt_dir:dir r_dir_perms;
	allow aconfigd apex_mnt_dir:file r_file_perms;
	dontaudit aconfigd apex_info_file:file r_file_perms;

	###
	### Neverallow assertions
	###

	# only init is allowed to enter the aconfigd domain
	neverallow { domain -init } aconfigd:process transition;
	neverallow * aconfigd:process dyntransition;

	# Do not allow write access to boot/map storage files except, aconfigd and aconfigd_mainline.
	# These files are meant to serve flag reads for all processes. They are created by aconfigd (for
	# platform storage files) and aconfigd_mainline (mainline storage files) processes.
	neverallow {
	domain
	-init
	-aconfigd
	-aconfigd_mainline
	} aconfig_storage_metadata_file:dir no_w_dir_perms;
	neverallow {
	domain
	-init
	-aconfigd
	-aconfigd_mainline
	} aconfig_storage_metadata_file:file no_w_file_perms;

	# Only aconfigd and aconfigd_mainline can access persist storage files
	# These files are meant to serve as persist flag value storage, only aconfigd and
	# aconfigd_mainline process should manage them. Other processes should have zero access.
	neverallow {
	domain
	-init
	-aconfigd
	-aconfigd_mainline
	} aconfig_storage_flags_metadata_file:dir *;
	neverallow {
	domain
	-init
	-aconfigd
	-aconfigd_mainline
	} aconfig_storage_flags_metadata_file:file no_rw_file_perms;