    fastbootd.te: Delete allowxperm statement · 392ac0fd
    Nick Kralevich authored
    system/sepolicy commit 4c8eaba7, reviewed in
    https://android-review.googlesource.com/c/platform/system/sepolicy/+/793958
    started enforcing explicit ioctl permission checks for all block device
    files. As part of that commit, the following lines were added to
    domain.te:
    
      # If a domain has access to perform an ioctl on a block device, allow these
      # very common, benign ioctls
      allowxperm domain dev_type:blk_file ioctl { BLKGETSIZE64 BLKSSZGET };
    
    In essence, if a domain is granted ioctl access to any device in
    policy (for example, via adding "ioctl" to the allow rule, or by using
    the macro "r_file_perms" which includes the ioctl permission), then the
    two ioctls BLKGETSIZE64 and BLKSSZGET will be automatically allowed. As
    such, it is redundant for a domain to explicitly request these two
    ioctls.
    
    Delete the now redundant allowxperm rule.
    
    Test: policy compiles
    Change-Id: I1964ed93a7c7601393cc9e2416f3640ea22db51b
fastbootd.te 1.96 KiB
# fastbootd (used in recovery init.rc for /sbin/fastbootd)

# Declare the domain unconditionally so we can always reference it
# in neverallow rules.
# Only the type itself exists in every policy variant; all of its allow
# rules sit inside the recovery_only() block below, so a non-recovery
# build carries the type with nothing beyond what the `domain` attribute
# grants every domain.
type fastbootd, domain;

# But the allow rules are only included in the recovery policy.
# Otherwise fastbootd is only allowed the domain rules.
#
# Everything inside recovery_only() is dropped from the normal policy
# build, so the flashing/wiping access below never exists on a booted
# system.
recovery_only(`
  # fastbootd can only use HALs in passthrough mode
  passthrough_hal_client_domain(fastbootd, hal_bootctl)

  # Access /dev/usb-ffs/fastbootd/ep0
  allow fastbootd functionfs:dir search;
  allow fastbootd functionfs:file rw_file_perms;

  # rw_file_perms carries the ioctl permission; this allowxperm narrows it
  # so that only FUNCTIONFS_ENDPOINT_DESC passes the per-command check.
  allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
  # Log to serial
  allow fastbootd kmsg_device:chr_file { open write };

  # battery info
  allow fastbootd sysfs_batteryinfo:file r_file_perms;

  allow fastbootd device:dir r_dir_perms;

  # Reboot the device
  set_prop(fastbootd, powerctl_prop)

  # Read serial number of the device from system properties
  get_prop(fastbootd, serialno_prop)

  # Set sys.usb.ffs.ready.
  set_prop(fastbootd, ffs_prop)
  set_prop(fastbootd, exported_ffs_prop)

  # Talk to recovery over its unix socket (macro args are client domain,
  # socket type, server domain — verify against te_macros if in doubt).
  unix_socket_connect(fastbootd, recovery, recovery)

  # Required for flashing
  allow fastbootd dm_device:chr_file rw_file_perms;
  allow fastbootd dm_device:blk_file rw_file_perms;

  allow fastbootd super_block_device:blk_file rw_file_perms;
  # Write-oriented access only: w_file_perms instead of the rw_file_perms
  # used for super_block_device above. getattr and ioctl are listed
  # explicitly because w_file_perms does not include them.
  allow fastbootd {
    boot_block_device
    metadata_block_device
    system_block_device
    userdata_block_device
  }:blk_file { w_file_perms getattr ioctl };

  # Only the discard ioctls are opened up, and only for the two partitions
  # that get wiped. The size queries BLKGETSIZE64/BLKSSZGET come from the
  # domain-wide allowxperm in domain.te and need no rule here; no other
  # ioctl is granted on boot/system in this file.
  allowxperm fastbootd {
    metadata_block_device
    userdata_block_device
  }:blk_file ioctl { BLKSECDISCARD BLKDISCARD };

  allow fastbootd misc_block_device:blk_file rw_file_perms;

  # Read-only introspection: kernel cmdline, rootfs directory listing and
  # the Android device-tree firmware nodes.
  allow fastbootd proc_cmdline:file r_file_perms;
  allow fastbootd rootfs:dir r_dir_perms;
  allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
')

###
### neverallow rules
###

# Write permission is required to wipe userdata
# until recovery supports vold.
# Nothing in this file grants fastbootd access to data_file_type; this is a
# compile-time guard so that a future allow rule cannot hand the domain
# execute permissions (no_x_file_perms) on user data, while leaving room
# for the write access the wipe path still needs.
neverallow fastbootd {
   data_file_type
}:file { no_x_file_perms };