Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
S
sepolicy
Manage
Activity
Members
Plan
Wiki
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Deploy
Releases
Package Registry
Model registry
Operate
Terraform modules
Analyze
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
CodeLinaro
public-release-test
platform
system
sepolicy
Commits
7826a787
Commit
7826a787
authored
6 years ago
by
Treehugger Robot
Committed by
Gerrit Code Review
6 years ago
Browse files
Options
Downloads
Plain Diff
Merge "add links to docs explaining motivations behind neverallow assertions."
parents
9ec48cef
6cf9160e
No related branches found
No related tags found
No related merge requests found
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
private/system_server.te
+4
-1
4 additions, 1 deletion
private/system_server.te
private/zygote.te
+3
-1
3 additions, 1 deletion
private/zygote.te
public/domain.te
+3
-0
3 additions, 0 deletions
public/domain.te
with
10 additions
and
2 deletions
private/system_server.te
+
4
−
1
View file @
7826a787
...
...
@@ -880,7 +880,8 @@ neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock
neverallow system_server dex2oat_exec:file no_x_file_perms;
# system_server should never execute or load executable shared libraries
# in /data
# in /data. Executable files in /data are a persistence vector.
# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
neverallow system_server data_file_type:file no_x_file_perms;
# The only block device system_server should be accessing is
...
...
@@ -889,6 +890,8 @@ neverallow system_server data_file_type:file no_x_file_perms;
neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perms;
# system_server should never use JIT functionality
# See https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html
# in the section titled "A Short ROP Chain" for why.
neverallow system_server self:process execmem;
neverallow system_server ashmem_device:chr_file execute;
...
...
This diff is collapsed.
Click to expand it.
private/zygote.te
+
3
−
1
View file @
7826a787
...
...
@@ -43,7 +43,9 @@ allow zygote resourcecache_data_file:dir rw_dir_perms;
allow zygote resourcecache_data_file:file create_file_perms;
# When WITH_DEXPREOPT is true, the zygote does not load executable content from
# /data/dalvik-cache.
# /data/dalvik-cache. Executable files loaded from /data is a persistence vector
# we want to avoid. See
# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
allow { zygote with_dexpreopt(`-zygote') } dalvikcache_data_file:file execute;
# Execute idmap and dex2oat within zygote's own domain.
...
...
This diff is collapsed.
Click to expand it.
public/domain.te
+
3
−
0
View file @
7826a787
...
...
@@ -425,6 +425,9 @@ neverallow { domain -kernel -init -recovery -vold -zygote -update_engine -otapre
#
# Assert that, to the extent possible, we're not loading executable content from
# outside the rootfs or /system partition except for a few whitelisted domains.
# Executable files loaded from /data is a persistence vector
# we want to avoid. See
# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
#
neverallow {
domain
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
