diff options
author | Jeff Sharkey <jsharkey@android.com> | 2015-03-31 08:04:46 -0700 |
---|---|---|
committer | Jeff Sharkey <jsharkey@android.com> | 2015-03-31 08:13:20 -0700 |
commit | 5a5b364c54bbeb2ac032dac18e378370bd35fb45 (patch) | |
tree | c79784cfec8ad50119d571de7e09faa3d0561ea4 | |
parent | 5895ffe1f72ea660652ff3d4b3e84dde598fce22 (diff) | |
download | android_external_sepolicy-5a5b364c54bbeb2ac032dac18e378370bd35fb45.tar.gz android_external_sepolicy-5a5b364c54bbeb2ac032dac18e378370bd35fb45.tar.bz2 android_external_sepolicy-5a5b364c54bbeb2ac032dac18e378370bd35fb45.zip |
Separate fsck domains to protect userdata.
Create new vold_fsck domain that only has access to vold_block
devices to prevent any access to internal userdata.
Change-Id: I25ddcd16cbf83d7a25b70bc64d95f5345d0d5731
-rw-r--r-- | fsck.te | 12 | ||||
-rw-r--r-- | vold.te | 2 | ||||
-rw-r--r-- | vold_fsck.te | 35 |
3 files changed, 40 insertions, 9 deletions
@@ -1,4 +1,4 @@ -# Any fsck program run by init or vold +# Any fsck program run by init type fsck, domain; type fsck_exec, exec_type, file_type; @@ -15,11 +15,6 @@ allow fsck devpts:chr_file { read write ioctl getattr }; allow fsck block_device:dir search; allow fsck userdata_block_device:blk_file rw_file_perms; allow fsck cache_block_device:blk_file rw_file_perms; -allow fsck vold_device:blk_file rw_file_perms; - -# Allow stdin/out back to vold -allow fsck vold:fd use; -allow fsck vold:fifo_file { read write getattr }; ### ### neverallow rules @@ -34,9 +29,10 @@ neverallow fsck { root_block_device swap_block_device system_block_device + vold_device }:blk_file no_rw_file_perms; -# Only allow entry from init or vold via fsck binaries -neverallow { domain -init -vold } fsck:process transition; +# Only allow entry from init via fsck binaries +neverallow { domain -init } fsck:process transition; neverallow domain fsck:process dyntransition; neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint; @@ -8,7 +8,7 @@ init_daemon_domain(vold) domain_auto_trans(vold, sgdisk_exec, sgdisk); domain_auto_trans(vold, blkid_exec, blkid); domain_auto_trans(vold, sdcardd_exec, sdcardd); -domain_auto_trans(vold, fsck_exec, fsck); +domain_auto_trans(vold, fsck_exec, vold_fsck); typeattribute vold mlstrustedsubject; allow vold self:process setfscreate; diff --git a/vold_fsck.te b/vold_fsck.te new file mode 100644 index 0000000..e45c527 --- /dev/null +++ b/vold_fsck.te @@ -0,0 +1,35 @@ +# Any fsck program run by vold +type vold_fsck, domain; + +# Inherit and use pty created by android_fork_execvp_ext(). +allow vold_fsck devpts:chr_file { read write ioctl getattr }; + +# Run fsck on certain block devices +allow vold_fsck block_device:dir search; +allow vold_fsck vold_device:blk_file rw_file_perms; + +# Allow stdin/out back to vold +allow vold_fsck vold:fd use; +allow vold_fsck vold:fifo_file { read write getattr }; + +### +### neverallow rules +### + +# fsck should never be run on these block devices +neverallow vold_fsck { + boot_block_device + frp_block_device + metadata_block_device + recovery_block_device + root_block_device + swap_block_device + system_block_device + userdata_block_device + cache_block_device +}:blk_file no_rw_file_perms; + +# Only allow entry from vold via fsck binaries +neverallow { domain -vold } vold_fsck:process transition; +neverallow domain vold_fsck:process dyntransition; +neverallow vold_fsck { file_type fs_type -fsck_exec }:file entrypoint; |