From 62f2842c80f8f166ec12952df921e9dd6989cd95 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Wed, 20 Sep 2017 12:51:57 -0700
Subject: [PATCH] Explicitly label filesystem files in /proc

proc files needed by fwk that were labeled:
/proc/filesystems -> proc_filesystems
/proc/mounts -> proc_mounts
/proc/swaps -> proc_mounts

Removed access to proc label from these domains:
e2fs, fsck, fsck_untrusted, sdcardd

e2fs: added access to proc_filesystems, proc_mounts, proc_swaps
fsck: added access to proc_mounts, proc_swaps
fsck_untrusted: added access to proc_mounts
sdcardd: added access to proc_filesystems
vold: added access to proc_filesystems, proc_mounts

Bug: 66199084
Test: device boots without selinux denials to new labels or proc label.
Change-Id: If0f19e22074419dab0b3a0c6f3a300ea8cb94523
---
 private/app_neverallows.te   | 3 +++
 private/compat/26.0/26.0.cil | 2 +-
 private/genfs_contexts       | 3 +++
 public/e2fs.te               | 7 +++++--
 public/file.te               | 3 +++
 public/fsck.te               | 5 ++++-
 public/fsck_untrusted.te     | 2 +-
 public/sdcardd.te            | 2 +-
 public/vold.te               | 6 +++++-
 9 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 280649e0a..db14f1b58 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -111,9 +111,12 @@ neverallow all_untrusted_apps anr_data_file:dir ~search;
 neverallow all_untrusted_apps {
   proc
   proc_asound_cards
+  proc_filesystems
   proc_kmsg
   proc_loadavg
+  proc_mounts
   proc_pagetypeinfo
+  proc_swaps
   proc_version
   proc_vmallocinfo
 }:file { no_rw_file_perms no_x_file_perms };
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 557135717..4ad2d8443 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -447,7 +447,7 @@
 (typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
 (typeattributeset print_service_26_0 (print_service))
 (typeattributeset priv_app_26_0 (mediaprovider priv_app))
-(typeattributeset proc_26_0 (proc proc_asound_cards proc_kmsg proc_loadavg proc_pagetypeinfo proc_uid_time_in_state proc_version proc_vmallocinfo))
+(typeattributeset proc_26_0 (proc proc_asound_cards proc_filesystems proc_kmsg proc_loadavg proc_mounts proc_pagetypeinfo proc_swaps proc_uid_time_in_state proc_version proc_vmallocinfo))
 (typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
 (typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
 (typeattributeset proc_drop_caches_26_0 (proc_drop_caches))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 01c63698f..cfe7b92c8 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -4,6 +4,7 @@ genfscon rootfs / u:object_r:rootfs:s0
 genfscon proc / u:object_r:proc:s0
 genfscon proc /asound/cards u:object_r:proc_asound_cards:s0
 genfscon proc /config.gz u:object_r:config_gz:s0
+genfscon proc /filesystems u:object_r:proc_filesystems:s0
 genfscon proc /interrupts u:object_r:proc_interrupts:s0
 genfscon proc /iomem u:object_r:proc_iomem:s0
 genfscon proc /kmsg u:object_r:proc_kmsg:s0
@@ -11,12 +12,14 @@ genfscon proc /loadavg u:object_r:proc_loadavg:s0
 genfscon proc /meminfo u:object_r:proc_meminfo:s0
 genfscon proc /misc u:object_r:proc_misc:s0
 genfscon proc /modules u:object_r:proc_modules:s0
+genfscon proc /mounts u:object_r:proc_mounts:s0
 genfscon proc /net u:object_r:proc_net:s0
 genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
 genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
 genfscon proc /softirqs u:object_r:proc_timer:s0
 genfscon proc /stat u:object_r:proc_stat:s0
+genfscon proc /swaps u:object_r:proc_swaps:s0
 genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
 genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
 genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
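Review bot: The new `genfscon proc /mounts u:object_r:proc_mounts:s0` entry labels whatever inode proc exposes at that path, and on kernels where /proc/mounts is a symlink to self/mounts that is the link itself, not the per-process target; the domains given only `proc_mounts:file r_file_perms` elsewhere in this patch would then also need lnk_file read on proc_mounts (or an existing domain-wide rule) to follow it. The Test: line reports no denials, so this presumably resolves already, but a comment on the entry such as `# /proc/mounts may be a symlink to self/mounts; this labels the link` would save the next reader that check. Separately, the commit message lists `/proc/swaps -> proc_mounts`, which disagrees with the `proc_swaps` label this hunk actually assigns.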
diff --git a/public/e2fs.te b/public/e2fs.te
index 30a815a01..a95512128 100644
--- a/public/e2fs.te
+++ b/public/e2fs.te
@@ -5,8 +5,11 @@ allow e2fs block_device:blk_file getattr;
 allow e2fs block_device:dir search;
 allow e2fs userdata_block_device:blk_file rw_file_perms;
 
-# access /proc/filesystems
-allow e2fs proc:file r_file_perms;
+allow e2fs {
+  proc_filesystems
+  proc_mounts
+  proc_swaps
+}:file r_file_perms;
 
 # access /sys/fs/ext4/features
 allow e2fs sysfs_fs_ext4_features:file r_file_perms;
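Review bot: The replacement block removes the `# access /proc/filesystems` comment and adds two more labels without saying what any of them is for, so the rule now reads as a bare list. I would keep a comment above `allow e2fs {`, e.g. `# read /proc/filesystems, /proc/mounts and /proc/swaps`, so the purpose of each label is recorded next to the grant as it was before. The new block in public/vold.te has the same gap.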
diff --git a/public/file.te b/public/file.te
index 20e534a9e..62cad466b 100644
--- a/public/file.te
+++ b/public/file.te
@@ -15,6 +15,7 @@ type qtaguid_proc, fs_type, mlstrustedobject;
 type proc_bluetooth_writable, fs_type;
 type proc_asound_cards, fs_type;
 type proc_cpuinfo, fs_type;
+type proc_filesystems, fs_type;
 type proc_interrupts, fs_type;
 type proc_iomem, fs_type;
 type proc_kmsg, fs_type;
@@ -22,10 +23,12 @@ type proc_loadavg, fs_type;
 type proc_meminfo, fs_type;
 type proc_misc, fs_type;
 type proc_modules, fs_type;
+type proc_mounts, fs_type;
 type proc_net, fs_type;
 type proc_pagetypeinfo, fs_type;
 type proc_perf, fs_type;
 type proc_stat, fs_type;
+type proc_swaps, fs_type;
 type proc_sysrq, fs_type;
 type proc_timer, fs_type;
 type proc_tty_drivers, fs_type;
diff --git a/public/fsck.te b/public/fsck.te
index b682a877f..7cc7e8b18 100644
--- a/public/fsck.te
+++ b/public/fsck.te
@@ -30,7 +30,10 @@ allow fsck dm_device:blk_file rw_file_perms;
 # major/minor values.
 allow fsck dev_type:blk_file getattr;
 
-r_dir_file(fsck, proc)
+allow fsck {
+  proc_mounts
+  proc_swaps
+}:file r_file_perms;
 allow fsck rootfs:dir r_dir_perms;
 
 ###
diff --git a/public/fsck_untrusted.te b/public/fsck_untrusted.te
index e2aceb87b..8510c9424 100644
--- a/public/fsck_untrusted.te
+++ b/public/fsck_untrusted.te
@@ -12,7 +12,7 @@ allow fsck_untrusted vold:fifo_file { read write getattr };
 allow fsck_untrusted block_device:dir search;
 allow fsck_untrusted vold_device:blk_file rw_file_perms;
 
-r_dir_file(fsck_untrusted, proc)
+allow fsck_untrusted proc_mounts:file r_file_perms;
 
 # To determine if it is safe to run fsck on a filesystem, e2fsck
 # must first determine if the filesystem is mounted. To do that,
diff --git a/public/sdcardd.te b/public/sdcardd.te
index 47a2f8061..2af64102d 100644
--- a/public/sdcardd.te
+++ b/public/sdcardd.te
@@ -32,7 +32,7 @@ allow sdcardd vold:fifo_file { read write getattr };
 allow sdcardd mnt_expand_file:dir search;
 
 # access /proc/filesystems
-allow sdcardd proc:file r_file_perms;
+allow sdcardd proc_filesystems:file r_file_perms;
 
 ###
 ### neverallow rules
diff --git a/public/vold.te b/public/vold.te
index a74354afd..e86caac3f 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -17,7 +17,11 @@ allow vold sysfs_usb:file w_file_perms;
 allow vold sysfs_zram_uevent:file w_file_perms;
 
 r_dir_file(vold, rootfs)
-allow vold proc_meminfo:file r_file_perms;
+allow vold {
+  proc_filesystems
+  proc_meminfo
+  proc_mounts
+}:file r_file_perms;
 
 #Get file contexts
 allow vold file_contexts_file:file r_file_perms;
-- 
GitLab