Merge "system_server: neverallow blk_file read/write"

5434a8a9 · Nick Kralevich · Gerrit Code Review · fbaf72ed · acc0842c · 5434a8a9
Commit 5434a8a9 authored 10 years ago by Nick Kralevich Committed by Gerrit Code Review 10 years ago
--- a/neverallow_macros
+++ b/neverallow_macros
 #
 # Common neverallow permissions
 define(`no_w_file_perms', `{ append create link unlink relabelfrom rename setattr write }')
+define(`no_rw_file_perms', `{ no_w_file_perms open read ioctl lock }')
 define(`no_x_file_perms', `{ execute execute_no_trans }')
 define(`no_w_dir_perms',  `{ add_name create link relabelfrom remove_name rename reparent rmdir setattr write }')
--- a/system_server.te
+++ b/system_server.te
@@ -492,3 +492,8 @@ neverallow system_server { bluetooth_data_file nfc_data_file shell_data_file app
 # system server to dynamically load a dex file, something we do not
 # want to allow.
 neverallow system_server dex2oat_exec:file no_x_file_perms;
+# The only block device system_server should be accessing is
+# the frp_block_device. This helps avoid a system_server to root
+# escalation by writing to raw block devices.
+neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perms;