From bb1432b61bab1b5a5286cad273ddf81af4372988 Mon Sep 17 00:00:00 2001
From: Jiyong Park
Date: Fri, 18 May 2018 20:16:51 +0900
Subject: [PATCH] Temporarily whitelisting system domains writing vendor props

system properties must not be used as a communication channel in between system and vendor processes. However, there has been no enforcement on this: system process could write system properties that are owned and read by vendor processes and vice versa. Such communication should be done over hwbinder and should be formally specified in HIDL. Until we finish migrating the existing use cases of sysprops to HIDL, whitelisting them in system_writes_vendor_properties_violators so that the violators are clearly tracked. These violators are allowed only for P, but not for Q.

Bug: 78598545
Test: m -j selinux_policy when choosecombo'ed to aosp_arm64
Change-Id: I8f66aa20bb2d926cf517d40c93f4300c4d16b04b
---
 target/board/generic/sepolicy/bootanim.te | 1 +
 target/board/generic/sepolicy/surfaceflinger.te | 1 +
 target/board/generic/sepolicy/zygote.te | 1 +
 3 files changed, 3 insertions(+)

diff --git a/target/board/generic/sepolicy/bootanim.te b/target/board/generic/sepolicy/bootanim.te
index e4f7c734af..bc84ee7399 100644
--- a/target/board/generic/sepolicy/bootanim.te
+++ b/target/board/generic/sepolicy/bootanim.te
@@ -5,4 +5,5 @@ dontaudit bootanim system_data_file:dir read; allow bootanim graphics_device:chr_file { read ioctl open }; +typeattribute bootanim system_writes_vendor_properties_violators; set_prop(bootanim, qemu_prop)
diff --git a/target/board/generic/sepolicy/surfaceflinger.te b/target/board/generic/sepolicy/surfaceflinger.te
index e03d07ee7f..2bba8a78b1 100644
--- a/target/board/generic/sepolicy/surfaceflinger.te
+++ b/target/board/generic/sepolicy/surfaceflinger.te
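Review bot: The added `typeattribute bootanim system_writes_vendor_properties_violators;` line carries no marker that it is temporary, even though the commit message says these exemptions are P-only and must be gone by Q; the same applies to the surfaceflinger and zygote hunks. Put the bug and the deadline on the line itself, in the style the zygote file already uses for b/63631799, e.g. `# TODO(b/78598545): P-only exemption, remove once qemu_prop is moved to HIDL` directly above each typeattribute. As far as the patch shows, the attribute only exempts the domain from the system/vendor property neverallow rather than granting anything new, so the domain's actual write set is still governed by the adjacent `set_prop(..., qemu_prop)` line; worth confirming against the neverallow definition in system/sepolicy, which is not part of this change. A consistent tracking comment also lets a later grep for the attribute across device policy show exactly how many exemptions are still outstanding before the Q cut-off.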
@@ -1,4 +1,5 @@ allow surfaceflinger self:process execmem; allow surfaceflinger ashmem_device:chr_file execute; +typeattribute surfaceflinger system_writes_vendor_properties_violators; set_prop(surfaceflinger, qemu_prop)
diff --git a/target/board/generic/sepolicy/zygote.te b/target/board/generic/sepolicy/zygote.te
index e97d895c30..da403b5dd7 100644
--- a/target/board/generic/sepolicy/zygote.te
+++ b/target/board/generic/sepolicy/zygote.te
@@ -1,3 +1,4 @@
+typeattribute zygote system_writes_vendor_properties_violators;
 set_prop(zygote, qemu_prop)
 # TODO (b/63631799) fix this access
 # Suppress denials to storage. Webview zygote should not be accessing.