# PRNG seeder daemon
# Started from early init, maintains a FIPS approved DRBG which it periodically reseeds from
# /dev/hw_random. When BoringSSL (libcrypto) in other processes needs seeding data for its
# internal DRBGs it will connect to /dev/socket/prng_seeder and the daemon will write a
# fixed size block of entropy then disconnect. No other IO is performed.
# NOTE(review): the last rule in this file also grants write-type access to
# kmsg_debug_device, presumably for logging, so "no other IO" describes the seeding
# protocol rather than the full set of permissions granted here.
typeattribute prng_seeder coredomain;

# mlstrustedsubject required in order to allow connections from trusted app domains.
# The attribute exempts this domain from MLS constraints, so it is the type-enforcement
# rules (such as the narrow allow rules below) that confine it; widen them with care.
typeattribute prng_seeder mlstrustedsubject;

# File type for the daemon binary. init_daemon_domain() sets up the transition from init
# into the prng_seeder domain when a file of this type is executed.
type prng_seeder_exec, system_file_type, exec_type, file_type;
init_daemon_domain(prng_seeder)

# Socket open and listen are performed by init.
# Only the permissions needed to accept and service connections on the domain's own
# unix_stream_socket are granted; create, bind, listen and connect are not in this rule.
allow prng_seeder prng_seeder:unix_stream_socket { read write getattr accept };
# Entropy source: open and read only, with no write or ioctl permission.
allow prng_seeder hw_random_device:chr_file { read open };
# Access to the debug kernel-log device (w_file_perms is a macro defined outside this file).
# NOTE(review): this grant is unconditional here, with no build-type guard visible in this
# file, and includes ioctl; confirm both are intended for a daemon that hands out seed
# material.
allow prng_seeder kmsg_debug_device:chr_file { w_file_perms getattr ioctl };