| field | value | date |
|---|---|---|
| author | Nick Kralevich <nnk@google.com> | 2017-02-15 15:04:43 -0800 |
| committer | Andreas Blaesius <skate4life@gmx.de> | 2017-07-17 23:16:46 +0200 |
| commit | ae28752d5bc428d65ff5e0d26c83626e7a744b6d | |
| tree | 08269eb2f04909c4231632f5a8b813a0df4addea | |
| parent | e7cd3302ee34a21ebc434089a80e0c3e5f75f7c4 | |
system_server: replace sys_resource with sys_ptrace

Refs: HEAD, replicant-6.0-0004-transition, replicant-6.0-0004-rc6, replicant-6.0-0004-rc5-transition, replicant-6.0-0004-rc5, replicant-6.0-0004-rc4, replicant-6.0-0004-rc3, replicant-6.0-0004-rc2, replicant-6.0-0004-rc1, replicant-6.0-0004, replicant-6.0-0003, cm-13.0
Commit https://android.googlesource.com/kernel/common/+/f0ce0eee added
CAP_SYS_RESOURCE as a capability check which would allow access to
sensitive /proc/PID files. However, in an SELinux based world, allowing
this access causes CAP_SYS_RESOURCE to duplicate what CAP_SYS_PTRACE
(without :process ptrace) already provides.
Use CAP_SYS_PTRACE instead of CAP_SYS_RESOURCE.
Test: Device boots, functionality remains identical, no sys_resource
denials from system_server.
Bug: 34951864
Bug: 38496951
Change-Id: I04d745b436ad75ee1ebecf0a61c6891858022e34
(cherry picked from commit 448669540c0b7c22ee8b8293217818f8f92238b6)
(cherry picked from commit c15810c527ffa6953108f68365cf2df9e0868096)
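The commit message's argument rests on one policy property: `sys_ptrace` in a domain's `self:capability` set only widens access to sensitive `/proc/PID` files as long as that domain has no `allow ...:process ptrace` rule. The following Python linter is an added example, not code from this commit or from the sepolicy project; it parses `.te` rules in the style of the `system_server.te` hunk in this commit and reports, per domain, which capabilities are granted and whether `sys_ptrace` is paired with any process-ptrace allow rule. The three policy snippets are constructed: the first two mirror the before and after states of this change, the third is a hypothetical overbroad variant that a reviewer would flag. `audit_ptrace` and the other names are assumptions of this example.

```python
import re

# Constructed .te snippets (not the real system_server.te). "Before" mirrors the
# pre-change state: sys_resource granted, sys_ptrace only dontaudit'ed.
POLICY_BEFORE = """
allow system_server self:capability {
    net_raw
    sys_boot
    sys_nice
    sys_resource
    sys_time
    sys_tty_config
};
# Triggered by /proc/pid accesses, not allowed.
dontaudit system_server self:capability sys_ptrace;
allow system_server kernel:system module_request;
"""

# "After" mirrors the post-change state: sys_ptrace replaces sys_resource, the
# dontaudit line is gone, and there is still no process ptrace rule.
POLICY_AFTER = """
allow system_server self:capability {
    net_raw
    sys_boot
    sys_nice
    sys_ptrace
    sys_time
    sys_tty_config
};
allow system_server kernel:system module_request;
"""

# Hypothetical overbroad variant (constructed, not in the commit): the capability
# plus an actual process-ptrace allow rule, which is what the commit message
# says sys_ptrace does not come with here.
POLICY_OVERBROAD = POLICY_AFTER + "allow system_server domain:process ptrace;\n"

# Matches: <kind> <source> <target>:<class> <perm | { perm perm ... }> ;
# Brace lists may span several lines, as in the real policy files.
RULE_RE = re.compile(
    r"^\s*(allow|dontaudit|auditallow|neverallow)\s+"
    r"(\S+?)\s+(\S+?):(\S+?)\s+(\{[^}]*\}|\S+?)\s*;",
    re.MULTILINE,
)


def parse_rules(policy_text):
    """Return a list of (kind, source, target, tclass, frozenset(perms))."""
    text = re.sub(r"#.*", "", policy_text)  # drop comments before matching
    rules = []
    for kind, src, tgt, tclass, perms in RULE_RE.findall(text):
        rules.append((kind, src, tgt, tclass, frozenset(perms.strip("{}").split())))
    return rules


def capabilities(rules, domain):
    """Capabilities a domain grants itself via allow <domain> self:capability."""
    caps = set()
    for kind, src, tgt, tclass, perms in rules:
        if kind == "allow" and src == domain and tgt == "self" \
                and tclass in ("capability", "capability2"):
            caps |= perms
    return caps


def ptrace_targets(rules, domain):
    """Target domains that `domain` may ptrace via allow ...:process ptrace."""
    return {tgt for kind, src, tgt, tclass, perms in rules
            if kind == "allow" and src == domain
            and tclass == "process" and "ptrace" in perms}


def audit_ptrace(policy_text, domain="system_server"):
    """Summarise how far sys_ptrace reaches for `domain` in this policy text."""
    rules = parse_rules(policy_text)
    caps = capabilities(rules, domain)
    targets = ptrace_targets(rules, domain)
    return {
        "caps": sorted(caps),
        "has_sys_ptrace": "sys_ptrace" in caps,
        "has_sys_resource": "sys_resource" in caps,
        "ptrace_targets": sorted(targets),
        # SELinux checks process:ptrace on attach; with the capability alone and
        # no such rule, sys_ptrace only relaxes the kernel's /proc/PID access checks.
        "can_attach": "sys_ptrace" in caps and bool(targets),
    }


if __name__ == "__main__":
    for name, text in (("before", POLICY_BEFORE), ("after", POLICY_AFTER),
                       ("overbroad", POLICY_OVERBROAD)):
        print(name, audit_ptrace(text))
```

Run over a real `system_server.te` (plus the shared `domain.te`, since `allow domain ...` rules apply to every domain), `can_attach` is the flag to watch: it should stay false for this change to mean what the commit message says.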
-rw-r--r-- | system_server.te | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/system_server.te b/system_server.te index b81a37c..1430b16 100644 --- a/system_server.te +++ b/system_server.te @@ -51,16 +51,13 @@ allow system_server self:capability { net_raw sys_boot sys_nice - sys_resource + sys_ptrace sys_time sys_tty_config }; wakelock_use(system_server) -# Triggered by /proc/pid accesses, not allowed. -dontaudit system_server self:capability sys_ptrace; - # Trigger module auto-load. allow system_server kernel:system module_request; |
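Review bot: the `- sys_resource` / `+ sys_ptrace` swap in the capability block, together with dropping `dontaudit system_server self:capability sys_ptrace;`, relies on a property this hunk cannot show, namely that no `allow system_server <domain>:process ptrace` rule exists anywhere in the policy; the message leans on exactly that ("without :process ptrace") to argue CAP_SYS_PTRACE only widens /proc/PID reads, so it deserves a neverallow or at least a comment on the `sys_ptrace` line stating it is granted for /proc/PID access only and is not to be paired with process ptrace. The removed `# Triggered by /proc/pid accesses, not allowed.` comment was the only explanation of why sys_ptrace appeared in this file; replacing it with something like `# sys_ptrace: /proc/PID access only, no process ptrace granted.` keeps that context for the next reader. Worth confirming as well that nothing in system_server needed CAP_SYS_RESOURCE for reasons other than the /proc check, since the hunk drops it outright and the Test: line only reports the absence of denials on the booted device.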