Commit 0fa3fb02 authored by Jeff Sharkey

Start paving the way for vold calls over Binder.

This change is the bare minimum needed to publish a new vold
Binder service and move the simple "reset" call over to go through
the new interface.

The new rules here are mirrored on the existing installd rules, but
with a handful of neverallow rules relaxed due to funky interactions
with hal_client_domain().

Test: builds, boots
Bug: 13758960
Change-Id: Ia9522ea7a68698cb0edce7879abfbf22b9d67c76
parent 2075d32e
......@@ -28,7 +28,8 @@
thermalserviced_exec
thermalserviced_tmpfs
timezone_service
tombstoned_java_trace_socket))
tombstoned_java_trace_socket
vold_service))
;; private_objects - a collection of types that were labeled differently in
;; older policy, but that should not remain accessible to vendor policy.
......
......@@ -160,6 +160,7 @@ user u:object_r:user_service:s0
vibrator u:object_r:vibrator_service:s0
virtual_touchpad u:object_r:virtual_touchpad_service:s0
voiceinteraction u:object_r:voiceinteraction_service:s0
vold u:object_r:vold_service:s0
vr_hwc u:object_r:vr_hwc_service:s0
vrmanager u:object_r:vr_manager_service:s0
wallpaper u:object_r:wallpaper_service:s0
......
......@@ -58,7 +58,15 @@ binder_call(system_app, incidentd)
allow system_app servicemanager:service_manager list;
# TODO: scope this down? Too broad?
allow system_app { service_manager_type -netd_service -dumpstate_service -installd_service -virtual_touchpad_service -vr_hwc_service }:service_manager find;
allow system_app {
service_manager_type
-dumpstate_service
-installd_service
-netd_service
-virtual_touchpad_service
-vold_service
-vr_hwc_service
}:service_manager find;
allow system_app keystore:keystore_key {
get_state
......
......@@ -178,6 +178,7 @@ binder_call(system_server, gatekeeperd)
binder_call(system_server, installd)
binder_call(system_server, incidentd)
binder_call(system_server, netd)
binder_call(system_server, vold)
binder_call(system_server, wificond)
binder_service(system_server)
......@@ -574,6 +575,7 @@ allow system_server netd_service:service_manager find;
allow system_server nfc_service:service_manager find;
allow system_server radio_service:service_manager find;
allow system_server surfaceflinger_service:service_manager find;
allow system_server vold_service:service_manager find;
allow system_server wificond_service:service_manager find;
allow system_server keystore:keystore_key {
......
......@@ -186,7 +186,15 @@ userdebug_or_eng(`
allow dumpstate misc_logd_file:file r_file_perms;
')
allow dumpstate { service_manager_type -gatekeeper_service -dumpstate_service -incident_service -virtual_touchpad_service -vr_hwc_service }:service_manager find;
allow dumpstate {
service_manager_type
-dumpstate_service
-gatekeeper_service
-incident_service
-virtual_touchpad_service
-vold_service
-vr_hwc_service
}:service_manager find;
allow dumpstate servicemanager:service_manager list;
allow dumpstate hwservicemanager:hwservice_manager list;
......
......@@ -27,6 +27,7 @@ type system_app_service, service_manager_type;
type thermal_service, service_manager_type;
type update_engine_service, service_manager_type;
type virtual_touchpad_service, service_manager_type;
type vold_service, service_manager_type;
type vr_hwc_service, service_manager_type;
# system_server_services broken down
......
......@@ -89,7 +89,16 @@ allow shell servicemanager:service_manager list;
# don't allow shell to access GateKeeper service
# TODO: why is this so broad? Tightening candidate? It needs at list:
# - dumpstate_service (so it can receive dumpstate progress updates)
allow shell { service_manager_type -gatekeeper_service -incident_service -installd_service -netd_service -virtual_touchpad_service -vr_hwc_service }:service_manager find;
allow shell {
service_manager_type
-gatekeeper_service
-incident_service
-installd_service
-netd_service
-virtual_touchpad_service
-vold_service
-vr_hwc_service
}:service_manager find;
allow shell dumpstate:binder call;
# allow shell to get information from hwservicemanager
......
......@@ -135,8 +135,15 @@ allow vold unlabeled:file { r_file_perms setattr relabelfrom };
# Handle wake locks (used for device encryption)
wakelock_use(vold)
# talk to batteryservice
# Allow vold to publish a binder service and make binder calls.
binder_use(vold)
add_service(vold, vold_service)
# Allow vold to call into the system server so it can check permissions.
binder_call(vold, system_server)
allow vold permission_service:service_manager find;
# talk to batteryservice
binder_call(vold, healthd)
# talk to keymaster
......@@ -191,4 +198,16 @@ neverallow { domain -vold -init } vold_data_file:dir *;
neverallow { domain -vold -init -kernel } vold_data_file:notdevfile_class_set *;
neverallow { domain -vold -init } restorecon_prop:property_service set;
# Only system_server can interact with vold over binder
neverallow { domain -system_server -vold } vold_service:service_manager find;
neverallow vold {
domain
-hal_keymaster
-healthd
-hwservicemanager
-servicemanager
-system_server
userdebug_or_eng(`-su')
}:binder call;
neverallow vold fsck_exec:file execute_no_trans;
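Review bot: The new `neverallow { domain -system_server -vold } vold_service:service_manager find;` in the second hunk pins down who may look the service up, but nothing visible in this change restricts which domain may register it; unless a file-wide rule already constrains `service_manager add` for every `service_manager_type`, a companion `neverallow { domain -vold } vold_service:service_manager add;` would make "only vold publishes vold_service" a policy-level guarantee rather than an outcome of the individual allow rules. The `neverallow vold { domain ... }:binder call` block also lands without a comment, while the commit message says these rules mirror installd's with relaxations for hal_client_domain(); a line such as `# vold may only make binder calls to these domains (mirrors installd, relaxed for hal_client_domain())` above it would keep that rationale next to the rule. The first hunk explains `binder_call(vold, system_server)` inline, which is the pattern this block should follow.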