Merge "Explicitly label filesystem files in /proc"

01c57421 · Tri Vo · Android (Google) Code Review · 3093ba28 · 62f2842c · 01c57421
Commit 01c57421 authored 7 years ago by Tri Vo Committed by Android (Google) Code Review 7 years ago
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -111,9 +111,12 @@ neverallow all_untrusted_apps anr_data_file:dir ~search;
 neverallow all_untrusted_apps {
  proc
  proc_asound_cards
+  proc_filesystems
  proc_kmsg
  proc_loadavg
+  proc_mounts
  proc_pagetypeinfo
+  proc_swaps
  proc_version
  proc_vmallocinfo
 }:file { no_rw_file_perms no_x_file_perms };

--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -447,7 +447,7 @@
 (typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
 (typeattributeset print_service_26_0 (print_service))
 (typeattributeset priv_app_26_0 (mediaprovider priv_app))
-(typeattributeset proc_26_0 (proc proc_asound_cards proc_kmsg proc_loadavg proc_pagetypeinfo proc_uid_time_in_state proc_version proc_vmallocinfo))
+(typeattributeset proc_26_0 (proc proc_asound_cards proc_filesystems proc_kmsg proc_loadavg proc_mounts proc_pagetypeinfo proc_swaps proc_uid_time_in_state proc_version proc_vmallocinfo))
 (typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
 (typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
 (typeattributeset proc_drop_caches_26_0 (proc_drop_caches))

--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -4,6 +4,7 @@ genfscon rootfs / u:object_r:rootfs:s0
 genfscon proc / u:object_r:proc:s0
 genfscon proc /asound/cards u:object_r:proc_asound_cards:s0
 genfscon proc /config.gz u:object_r:config_gz:s0
+genfscon proc /filesystems u:object_r:proc_filesystems:s0
 genfscon proc /interrupts u:object_r:proc_interrupts:s0
 genfscon proc /iomem u:object_r:proc_iomem:s0
 genfscon proc /kmsg u:object_r:proc_kmsg:s0
@@ -11,12 +12,14 @@ genfscon proc /loadavg u:object_r:proc_loadavg:s0
 genfscon proc /meminfo u:object_r:proc_meminfo:s0
 genfscon proc /misc u:object_r:proc_misc:s0
 genfscon proc /modules u:object_r:proc_modules:s0
+genfscon proc /mounts u:object_r:proc_mounts:s0
 genfscon proc /net u:object_r:proc_net:s0
 genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
 genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
 genfscon proc /softirqs u:object_r:proc_timer:s0
 genfscon proc /stat u:object_r:proc_stat:s0
+genfscon proc /swaps u:object_r:proc_swaps:s0
 genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
 genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
 genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0

--- a/public/e2fs.te
+++ b/public/e2fs.te
@@ -5,8 +5,11 @@ allow e2fs block_device:blk_file getattr;
 allow e2fs block_device:dir search;
 allow e2fs userdata_block_device:blk_file rw_file_perms;
-# access /proc/filesystems
+allow e2fs {
-allow e2fs proc:file r_file_perms;
+  proc_filesystems
+  proc_mounts
+  proc_swaps
+}:file r_file_perms;
 # access /sys/fs/ext4/features
 allow e2fs sysfs_fs_ext4_features:file r_file_perms;

--- a/public/file.te
+++ b/public/file.te
@@ -15,6 +15,7 @@ type qtaguid_proc, fs_type, mlstrustedobject;
 type proc_bluetooth_writable, fs_type;
 type proc_asound_cards, fs_type;
 type proc_cpuinfo, fs_type;
+type proc_filesystems, fs_type;
 type proc_interrupts, fs_type;
 type proc_iomem, fs_type;
 type proc_kmsg, fs_type;
@@ -22,10 +23,12 @@ type proc_loadavg, fs_type;
 type proc_meminfo, fs_type;
 type proc_misc, fs_type;
 type proc_modules, fs_type;
+type proc_mounts, fs_type;
 type proc_net, fs_type;
 type proc_pagetypeinfo, fs_type;
 type proc_perf, fs_type;
 type proc_stat, fs_type;
+type proc_swaps, fs_type;
 type proc_sysrq, fs_type;
 type proc_timer, fs_type;
 type proc_tty_drivers, fs_type;

--- a/public/fsck.te
+++ b/public/fsck.te
@@ -30,7 +30,10 @@ allow fsck dm_device:blk_file rw_file_perms;
 # major/minor values.
 allow fsck dev_type:blk_file getattr;
-r_dir_file(fsck, proc)
+allow fsck {
+  proc_mounts
+  proc_swaps
+}:file r_file_perms;
 allow fsck rootfs:dir r_dir_perms;
 ###

--- a/public/fsck_untrusted.te
+++ b/public/fsck_untrusted.te
@@ -12,7 +12,7 @@ allow fsck_untrusted vold:fifo_file { read write getattr };
 allow fsck_untrusted block_device:dir search;
 allow fsck_untrusted vold_device:blk_file rw_file_perms;
-r_dir_file(fsck_untrusted, proc)
+allow fsck_untrusted proc_mounts:file r_file_perms;
 # To determine if it is safe to run fsck on a filesystem, e2fsck
 # must first determine if the filesystem is mounted. To do that,

--- a/public/sdcardd.te
+++ b/public/sdcardd.te
@@ -32,7 +32,7 @@ allow sdcardd vold:fifo_file { read write getattr };
 allow sdcardd mnt_expand_file:dir search;
 # access /proc/filesystems
-allow sdcardd proc:file r_file_perms;
+allow sdcardd proc_filesystems:file r_file_perms;
 ###
 ### neverallow rules

--- a/public/vold.te
+++ b/public/vold.te
@@ -17,7 +17,11 @@ allow vold sysfs_usb:file w_file_perms;
 allow vold sysfs_zram_uevent:file w_file_perms;
 r_dir_file(vold, rootfs)
-allow vold proc_meminfo:file r_file_perms;
+allow vold {
+  proc_filesystems
+  proc_meminfo
+  proc_mounts
+}:file r_file_perms;
 #Get file contexts
 allow vold file_contexts_file:file r_file_perms;