Temporarily whitelisting system domains writing vendor props
System properties must not be used as a communication channel between
system and vendor processes. However, there has been no enforcement of
this: system processes could write system properties that are owned and
read by vendor processes and vice versa. Such communication should be
done over hwbinder and should be formally specified in HIDL.
Until we finish migrating the existing use cases of sysprops to HIDL,
we whitelist them in system_writes_vendor_properties_violators so that
the violators are clearly tracked.
These violators are allowed only for P, but not for Q.
Bug: 78598545
Test: m -j selinux_policy when choosecombo'ed to aosp_arm64
Merged-In: I8f66aa20bb2d926cf517d40c93f4300c4d16b04b
Change-Id: I8f66aa20bb2d926cf517d40c93f4300c4d16b04b
(cherry picked from commit bb1432b61bab1b5a5286cad273ddf81af4372988)
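The commit message says the point of the attribute is to keep the violators clearly tracked until each sysprop use is migrated. As an added example (not part of this change or of the AOSP policy tooling), the script below scans .te policy text for domains tagged with system_writes_vendor_properties_violators and lists the properties each one sets via the set_prop macro, so a reviewer can see what each exemption is actually covering and spot exemptions that no longer cover any write. The sample policy text is constructed here to mirror the three files in this change plus one hypothetical stale domain; the macro names come from the diff, everything else is an assumption.

```python
import re
from typing import Dict, List, Set, Tuple

# Attribute name taken from this change; the neverallow that consults it lives
# in the platform policy and is not parsed here.
VIOLATOR_ATTR = "system_writes_vendor_properties_violators"

# Only the two statement shapes that appear in the diff are recognised.
TYPEATTR_RE = re.compile(r"^\s*typeattribute\s+(\w+)\s+(\w+)\s*;")
SET_PROP_RE = re.compile(r"^\s*set_prop\(\s*(\w+)\s*,\s*(\w+)\s*\)")


def parse_policy(te_text: str) -> Tuple[Set[str], Dict[str, Set[str]]]:
    """Return (domains tagged as violators, domain -> properties it sets)."""
    violators: Set[str] = set()
    props: Dict[str, Set[str]] = {}
    for raw in te_text.splitlines():
        line = raw.split("#", 1)[0]  # strip .te comments
        m = TYPEATTR_RE.match(line)
        if m:
            if m.group(2) == VIOLATOR_ATTR:
                violators.add(m.group(1))
            continue
        m = SET_PROP_RE.match(line)
        if m:
            props.setdefault(m.group(1), set()).add(m.group(2))
    return violators, props


def violator_report(te_text: str) -> Dict[str, List[str]]:
    """Map each exempted domain to the sorted list of properties it writes."""
    violators, props = parse_policy(te_text)
    return {d: sorted(props.get(d, set())) for d in sorted(violators)}


def stale_exemptions(te_text: str) -> List[str]:
    """Domains carrying the exemption but no set_prop rule: candidates for removal."""
    violators, props = parse_policy(te_text)
    return sorted(d for d in violators if not props.get(d))


# Constructed sample: the three domains from this change plus a hypothetical
# 'stale_daemon' whose property write has already been removed.
SAMPLE_POLICY = """
allow bootanim graphics_device:chr_file { read ioctl open };
typeattribute bootanim system_writes_vendor_properties_violators;
set_prop(bootanim, qemu_prop)

allow surfaceflinger self:process execmem;
typeattribute surfaceflinger system_writes_vendor_properties_violators;
set_prop(surfaceflinger, qemu_prop)

typeattribute zygote system_writes_vendor_properties_violators;
set_prop(zygote, qemu_prop)
# TODO (b/63631799) fix this access

# hypothetical: exemption left behind after the write was migrated
typeattribute stale_daemon system_writes_vendor_properties_violators;
"""

if __name__ == "__main__":
    for domain, plist in violator_report(SAMPLE_POLICY).items():
        print(f"{domain}: {', '.join(plist) or '(no set_prop rules)'}")
    print("stale exemptions:", stale_exemptions(SAMPLE_POLICY))
```

Run against a real tree by concatenating the .te files of a device policy directory into te_text; a domain that shows up with an empty list is an exemption that can be dropped, and one listing more than qemu_prop is writing more than the original justification covered.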
diff --git a/target/board/generic/sepolicy/bootanim.te b/target/board/generic/sepolicy/bootanim.te
index e4f7c73..bc84ee7 100644
--- a/target/board/generic/sepolicy/bootanim.te
+++ b/target/board/generic/sepolicy/bootanim.te
@@ -5,4 +5,5 @@
allow bootanim graphics_device:chr_file { read ioctl open };
+typeattribute bootanim system_writes_vendor_properties_violators;
set_prop(bootanim, qemu_prop)
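Review bot: the added typeattribute line carries no comment tying it to b/78598545 or to the P-only allowance stated in the description, so nothing in bootanim.te itself will remind the next reader that the exemption is temporary. Suggest a comment directly above it, for example `# TODO(b/78598545): remove once qemu_prop is written over HIDL`, so the removal for Q is discoverable from the file rather than only from git history.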
diff --git a/target/board/generic/sepolicy/surfaceflinger.te b/target/board/generic/sepolicy/surfaceflinger.te
index e03d07e..2bba8a7 100644
--- a/target/board/generic/sepolicy/surfaceflinger.te
+++ b/target/board/generic/sepolicy/surfaceflinger.te
@@ -1,4 +1,5 @@
allow surfaceflinger self:process execmem;
allow surfaceflinger ashmem_device:chr_file execute;
+typeattribute surfaceflinger system_writes_vendor_properties_violators;
set_prop(surfaceflinger, qemu_prop)
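Review bot: the exemption is domain-wide rather than per property: tagging surfaceflinger with system_writes_vendor_properties_violators relaxes the restriction for every vendor property the domain is ever granted set_prop on, while the only write this file justifies is `set_prop(surfaceflinger, qemu_prop)`. A comment stating that qemu_prop is the sole reason for the attribute would stop a later set_prop addition from silently riding on the same exemption; placing the typeattribute line directly above the set_prop it exists for also makes that pairing visible.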
diff --git a/target/board/generic/sepolicy/zygote.te b/target/board/generic/sepolicy/zygote.te
index e97d895..da403b5 100644
--- a/target/board/generic/sepolicy/zygote.te
+++ b/target/board/generic/sepolicy/zygote.te
@@ -1,3 +1,4 @@
+typeattribute zygote system_writes_vendor_properties_violators;
set_prop(zygote, qemu_prop)
# TODO (b/63631799) fix this access
# Suppress denials to storage. Webview zygote should not be accessing.
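Review bot: this file already records its known-bad access with `# TODO (b/63631799) fix this access`, but the added `typeattribute zygote system_writes_vendor_properties_violators;` on the first line has no matching TODO referencing b/78598545. Follow the file's existing convention so the zygote exemption is as traceable as the storage suppression below it.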