Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
S
sepolicy
Manage
Activity
Members
Plan
Wiki
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Deploy
Releases
Package Registry
Model registry
Operate
Terraform modules
Analyze
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
CodeLinaro
public-release-test
platform
system
sepolicy
Commits
432bc0e5
Commit
432bc0e5
authored
8 years ago
by
Alex Klyubin
Committed by
Gerrit Code Review
8 years ago
Browse files
Options
Downloads
Plain Diff
Merge "Move adbd policy to private"
parents
c7125fa2
8309f0a2
No related branches found
No related tags found
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
private/adbd.te
+128
-2
128 additions, 2 deletions
private/adbd.te
public/adbd.te
+1
-125
1 addition, 125 deletions
public/adbd.te
with
129 additions
and
127 deletions
private/adbd.te
+
128
−
2
View file @
432bc0e5
# type_transition must be private policy the domain_trans rules could stay
# public, but conceptually should go with this
### ADB daemon
typeattribute adbd mlstrustedsubject;
domain_auto_trans(adbd, shell_exec, shell)
userdebug_or_eng(`
allow adbd self:process setcurrent;
allow adbd su:process dyntransition;
')
# Do not sanitize the environment or open fds of the shell. Allow signaling
# created processes.
allow adbd shell:process { noatsecure signal };
# Set UID and GID to shell. Set supplementary groups.
allow adbd self:capability { setuid setgid };
# Drop capabilities from bounding set on user builds.
allow adbd self:capability setpcap;
# Create and use network sockets.
net_domain(adbd)
# Access /dev/usb-ffs/adb/ep0
allow adbd functionfs:dir search;
allow adbd functionfs:file rw_file_perms;
# Use a pseudo tty.
allow adbd devpts:chr_file rw_file_perms;
# adb push/pull /data/local/tmp.
allow adbd shell_data_file:dir create_dir_perms;
allow adbd shell_data_file:file create_file_perms;
# adb pull /data/misc/profman.
allow adbd profman_dump_data_file:dir r_dir_perms;
allow adbd profman_dump_data_file:file r_file_perms;
# adb push/pull sdcard.
allow adbd tmpfs:dir search;
allow adbd rootfs:lnk_file r_file_perms; # /sdcard symlink
allow adbd tmpfs:lnk_file r_file_perms; # /mnt/sdcard symlink
allow adbd sdcard_type:dir create_dir_perms;
allow adbd sdcard_type:file create_file_perms;
# adb pull /data/anr/traces.txt
allow adbd anr_data_file:dir r_dir_perms;
allow adbd anr_data_file:file r_file_perms;
# Set service.adb.*, sys.powerctl, and sys.usb.ffs.ready properties.
set_prop(adbd, shell_prop)
set_prop(adbd, powerctl_prop)
set_prop(adbd, ffs_prop)
# Access device logging gating property
get_prop(adbd, device_logging_prop)
# Read device's serial number from system properties
get_prop(adbd, serialno_prop)
# Run /system/bin/bu
allow adbd system_file:file rx_file_perms;
# Perform binder IPC to surfaceflinger (screencap)
# XXX Run screencap in a separate domain?
binder_use(adbd)
binder_call(adbd, surfaceflinger)
# b/13188914
allow adbd gpu_device:chr_file rw_file_perms;
allow adbd ion_device:chr_file rw_file_perms;
r_dir_file(adbd, system_file)
# Read /data/misc/adb/adb_keys.
allow adbd adb_keys_file:dir search;
allow adbd adb_keys_file:file r_file_perms;
userdebug_or_eng(`
# Write debugging information to /data/adb
# when persist.adb.trace_mask is set
# https://code.google.com/p/android/issues/detail?id=72895
allow adbd adb_data_file:dir rw_dir_perms;
allow adbd adb_data_file:file create_file_perms;
')
# ndk-gdb invokes adb forward to forward the gdbserver socket.
allow adbd app_data_file:dir search;
allow adbd app_data_file:sock_file write;
allow adbd appdomain:unix_stream_socket connectto;
# ndk-gdb invokes adb pull of app_process, linker, and libc.so.
allow adbd zygote_exec:file r_file_perms;
allow adbd system_file:file r_file_perms;
# Allow pulling the SELinux policy for CTS purposes
allow adbd selinuxfs:dir r_dir_perms;
allow adbd selinuxfs:file r_file_perms;
allow adbd kernel:security read_policy;
allow adbd surfaceflinger_service:service_manager find;
allow adbd bootchart_data_file:dir search;
allow adbd bootchart_data_file:file r_file_perms;
# Allow access to external storage; we have several visible mount points under /storage
# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
allow adbd storage_file:dir r_dir_perms;
allow adbd storage_file:lnk_file r_file_perms;
allow adbd mnt_user_file:dir r_dir_perms;
allow adbd mnt_user_file:lnk_file r_file_perms;
# Access to /data/media.
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
allow adbd media_rw_data_file:dir create_dir_perms;
allow adbd media_rw_data_file:file create_file_perms;
r_dir_file(adbd, apk_data_file)
allow adbd rootfs:dir r_dir_perms;
###
### Neverallow rules
###
# No transitions from adbd to non-shell, non-crash_dump domains. adbd only ever
# transitions to the shell domain (except when it crashes). In particular, we
# never want to see a transition from adbd to su (aka "adb root")
neverallow adbd { domain -crash_dump -shell }:process transition;
neverallow adbd { domain userdebug_or_eng(`-su') }:process dyntransition;
This diff is collapsed.
Click to expand it.
public/adbd.te
+
1
−
125
View file @
432bc0e5
# adbd seclabel is specified in init.rc since
# it lives in the rootfs and has no unique file type.
type adbd, domain, mlstrustedsubject;
userdebug_or_eng(`
allow adbd self:process setcurrent;
allow adbd su:process dyntransition;
')
# Do not sanitize the environment or open fds of the shell. Allow signaling
# created processes.
allow adbd shell:process { noatsecure signal };
# Set UID and GID to shell. Set supplementary groups.
allow adbd self:capability { setuid setgid };
# Drop capabilities from bounding set on user builds.
allow adbd self:capability setpcap;
# Create and use network sockets.
net_domain(adbd)
# Access /dev/usb-ffs/adb/ep0
allow adbd functionfs:dir search;
allow adbd functionfs:file rw_file_perms;
# Use a pseudo tty.
allow adbd devpts:chr_file rw_file_perms;
# adb push/pull /data/local/tmp.
allow adbd shell_data_file:dir create_dir_perms;
allow adbd shell_data_file:file create_file_perms;
# adb pull /data/misc/profman.
allow adbd profman_dump_data_file:dir r_dir_perms;
allow adbd profman_dump_data_file:file r_file_perms;
# adb push/pull sdcard.
allow adbd tmpfs:dir search;
allow adbd rootfs:lnk_file r_file_perms; # /sdcard symlink
allow adbd tmpfs:lnk_file r_file_perms; # /mnt/sdcard symlink
allow adbd sdcard_type:dir create_dir_perms;
allow adbd sdcard_type:file create_file_perms;
# adb pull /data/anr/traces.txt
allow adbd anr_data_file:dir r_dir_perms;
allow adbd anr_data_file:file r_file_perms;
# Set service.adb.*, sys.powerctl, and sys.usb.ffs.ready properties.
set_prop(adbd, shell_prop)
set_prop(adbd, powerctl_prop)
set_prop(adbd, ffs_prop)
# Access device logging gating property
get_prop(adbd, device_logging_prop)
# Read device's serial number from system properties
get_prop(adbd, serialno_prop)
# Run /system/bin/bu
allow adbd system_file:file rx_file_perms;
# Perform binder IPC to surfaceflinger (screencap)
# XXX Run screencap in a separate domain?
binder_use(adbd)
binder_call(adbd, surfaceflinger)
# b/13188914
allow adbd gpu_device:chr_file rw_file_perms;
allow adbd ion_device:chr_file rw_file_perms;
r_dir_file(adbd, system_file)
# Read /data/misc/adb/adb_keys.
allow adbd adb_keys_file:dir search;
allow adbd adb_keys_file:file r_file_perms;
userdebug_or_eng(`
# Write debugging information to /data/adb
# when persist.adb.trace_mask is set
# https://code.google.com/p/android/issues/detail?id=72895
allow adbd adb_data_file:dir rw_dir_perms;
allow adbd adb_data_file:file create_file_perms;
')
# ndk-gdb invokes adb forward to forward the gdbserver socket.
allow adbd app_data_file:dir search;
allow adbd app_data_file:sock_file write;
allow adbd appdomain:unix_stream_socket connectto;
# ndk-gdb invokes adb pull of app_process, linker, and libc.so.
allow adbd zygote_exec:file r_file_perms;
allow adbd system_file:file r_file_perms;
# Allow pulling the SELinux policy for CTS purposes
allow adbd selinuxfs:dir r_dir_perms;
allow adbd selinuxfs:file r_file_perms;
allow adbd kernel:security read_policy;
allow adbd surfaceflinger_service:service_manager find;
allow adbd bootchart_data_file:dir search;
allow adbd bootchart_data_file:file r_file_perms;
# Allow access to external storage; we have several visible mount points under /storage
# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
allow adbd storage_file:dir r_dir_perms;
allow adbd storage_file:lnk_file r_file_perms;
allow adbd mnt_user_file:dir r_dir_perms;
allow adbd mnt_user_file:lnk_file r_file_perms;
# Access to /data/media.
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
allow adbd media_rw_data_file:dir create_dir_perms;
allow adbd media_rw_data_file:file create_file_perms;
r_dir_file(adbd, apk_data_file)
allow adbd rootfs:dir r_dir_perms;
###
### Neverallow rules
###
# No transitions from adbd to non-shell, non-crash_dump domains. adbd only ever
# transitions to the shell domain (except when it crashes). In particular, we
# never want to see a transition from adbd to su (aka "adb root")
neverallow adbd { domain -crash_dump -shell }:process transition;
neverallow adbd { domain userdebug_or_eng(`-su') }:process dyntransition;
type adbd, domain;
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
