Commit e16fb910 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep

Properly Treble-ize tmpfs access

This is being done in preparation for the migration from ashmem to
memfd. In order for tmpfs objects to be usable across the Treble
boundary, they need to be declared in public policy, whereas they're
currently all declared in private policy as part of the
tmpfs_domain() macro. Remove the type declaration from the
macro, and remove tmpfs_domain() from the init_daemon_domain() macro
to avoid having to declare the *_tmpfs types for all init launched
domains. tmpfs is mostly used by apps and the media frameworks.

Bug: 122854450
Test: Boot Taimen and blueline. Watch videos, make phone calls, browse
internet, send text, install angry birds...play angry birds, keep
playing angry birds...

Change-Id: I20a47d2bb22e61b16187015c7bc7ca10accf6358
parent 0c742804
Showing
with 23 additions and 8 deletions
......@@ -4,6 +4,7 @@ typeattribute audioserver coredomain;
type audioserver_exec, exec_type, file_type, system_file_type;
init_daemon_domain(audioserver)
tmpfs_domain(audioserver)
r_dir_file(audioserver, sdcard_type)
......
......@@ -18,6 +18,7 @@
apexd_prop
apexd_tmpfs
app_zygote
app_zygote_tmpfs
biometric_service
bpf_progs_loaded_prop
bugreport_service
......@@ -75,6 +76,7 @@
mnt_product_file
network_stack
network_stack_service
network_stack_tmpfs
overlayfs_file
permissionmgr_service
recovery_socket
......@@ -85,11 +87,13 @@
rss_hwm_reset
rss_hwm_reset_exec
runas_app
runas_app_tmpfs
runtime_service
sensor_privacy_service
server_configurable_flags_data_file
simpleperf_app_runner
simpleperf_app_runner_exec
su_tmpfs
super_block_device
system_event_log_tags_file
system_lmk_prop
......
# dexoptanalyzer
type dexoptanalyzer, domain, coredomain, mlstrustedsubject;
type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
type dexoptanalyzer_tmpfs, file_type;
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
......
......@@ -4,10 +4,8 @@ init_daemon_domain(logd)
# logd is not allowed to write anywhere other than /data/misc/logd, and then
# only on userdebug or eng builds
# TODO: deal with tmpfs_domain pub/priv split properly
neverallow logd {
file_type
-logd_tmpfs
-runtime_event_log_tags_file
userdebug_or_eng(`-coredump_file -misc_logd_file')
}:file { create write append };
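Review bot: The comment above this neverallow says logd may write only under /data/misc/logd, but the exemption list also carries `-runtime_event_log_tags_file`, and once the TODO is gone nothing explains why `logd_tmpfs` is no longer exempted. The +/- markers are lost on this page, so I am inferring from the `-4,10 +4,8` header that the TODO line and `-logd_tmpfs` are the two removed lines. If logd no longer gets a tmpfs type because init_daemon_domain() stopped calling tmpfs_domain(), a one-line comment such as `# logd has no tmpfs_domain(); tmpfs-backed files are covered by this neverallow` would record that the tightening is deliberate. The same applies to the recovery_persist and recovery_refresh neverallows further down, where the `-recovery_persist_tmpfs` and `-recovery_refresh_tmpfs` exemptions are dropped.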
......
typeattribute mediaextractor coredomain;
init_daemon_domain(mediaextractor)
tmpfs_domain(mediaextractor)
typeattribute mediaserver coredomain;
init_daemon_domain(mediaserver)
tmpfs_domain(mediaserver)
# allocate and use graphic buffers
hal_client_domain(mediaserver, hal_graphics_allocator)
......
......@@ -4,6 +4,7 @@
# daemon.
type perfetto_exec, system_file_type, exec_type, file_type;
type perfetto_tmpfs, file_type;
tmpfs_domain(perfetto);
......
......@@ -3,5 +3,4 @@ typeattribute recovery_persist coredomain;
init_daemon_domain(recovery_persist)
# recovery_persist is not allowed to write anywhere other than recovery_data_file
# TODO: deal with tmpfs_domain pub/priv split properly
neverallow recovery_persist { file_type -recovery_data_file -recovery_persist_tmpfs userdebug_or_eng(`-coredump_file') }:file write;
neverallow recovery_persist { file_type -recovery_data_file userdebug_or_eng(`-coredump_file') }:file write;
......@@ -3,5 +3,4 @@ typeattribute recovery_refresh coredomain;
init_daemon_domain(recovery_refresh)
# recovery_refresh is not allowed to write anywhere
# TODO: deal with tmpfs_domain pub/priv split properly
neverallow recovery_refresh { file_type -recovery_refresh_tmpfs userdebug_or_eng(`-coredump_file') }:file write;
neverallow recovery_refresh { file_type userdebug_or_eng(`-coredump_file') }:file write;
type system_server_startup, domain, coredomain;
type system_server_startup_tmpfs, file_type;
tmpfs_domain(system_server_startup)
......
# Perfetto user-space tracing daemon (unprivileged)
type traced, domain, coredomain, mlstrustedsubject;
type traced_exec, system_file_type, exec_type, file_type;
type traced_tmpfs, file_type;
# Allow init to exec the daemon.
init_daemon_domain(traced)
tmpfs_domain(traced)
# Allow apps in other MLS contexts (for multi-user) to access
# share memory buffers created by traced.
......
# viewcompiler
type viewcompiler, domain, coredomain, mlstrustedsubject;
type viewcompiler_exec, system_file_type, exec_type, file_type;
type viewcompiler_tmpfs, file_type;
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
# Use tmpfs_domain() which will give tmpfs files created by viewcompiler their
......
......@@ -3,3 +3,4 @@
# spawned from the regular zygote process as a "child zygote".
type app_zygote, domain;
type app_zygote_tmpfs, file_type;
# audioserver - audio services daemon
type audioserver, domain;
type audioserver_tmpfs, file_type;
# bluetooth subsystem
type bluetooth, domain;
type bluetooth_tmpfs, file_type;
......@@ -52,6 +52,7 @@ userdebug_or_eng(`
')
# Root fs.
allow domain tmpfs:dir { getattr search };
allow domain rootfs:dir search;
allow domain rootfs:lnk_file { read getattr };
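Review bot: The rule `allow domain tmpfs:dir { getattr search };` sits directly under the `# Root fs.` heading with no comment of its own, and it grants tmpfs directory traversal to every domain rather than only to those that call tmpfs_domain(). The markers are lost here, but the `-52,6 +52,7` header and the commit message suggest this is the one added line. I would give it its own comment above the heading, for example `# Every domain may traverse tmpfs directories; tmpfs files remain labeled per domain via tmpfs_domain().`, so a later reader does not take it for a rootfs rule. It is also worth confirming that no domain that previously lacked tmpfs_domain() is meant to be kept off tmpfs directories entirely, since a domain-wide allow cannot be narrowed without a neverallow. The hunk opens inside a `userdebug_or_eng` block that starts outside the visible lines.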
......
......@@ -12,3 +12,4 @@
### PackageManager flags an app as ephemeral at install time.
type ephemeral_app, domain;
type ephemeral_app_tmpfs, file_type;
# init is its own domain.
type init, domain, mlstrustedsubject;
# The init domain is entered by execing init.
type init_exec, system_file_type, exec_type, file_type;
type init_tmpfs, file_type;
# /dev/__null__ node created by init.
allow init tmpfs:chr_file { create setattr unlink rw_file_perms };
......
......@@ -7,3 +7,4 @@
###
type isolated_app, domain;
type isolated_app_tmpfs, file_type;
# mediaextractor - multimedia daemon
type mediaextractor, domain;
type mediaextractor_exec, system_file_type, exec_type, file_type;
type mediaextractor_tmpfs, file_type;
typeattribute mediaextractor mlstrustedsubject;
......