neverallow service_manager / service_manager_type

Init never uses / add service manager services. It doesn't make sense to allow these rules to init. Adding a rule of this type is typically caused by a process inappropriately running in init's SELinux domain, and the warning message: Warning! Service %s needs a SELinux domain defined; please fix! is ignored. In addition, add neverallow rules to domain.te which prevent nonsense SELinux service_manager rules from being added. Change-Id: Id04a50d1826fe451a9ed216aa7ab249d0393cc57

neverallow service_manager / service_manager_type
Init never uses / add service manager services. It doesn't make sense to allow these rules to init. Adding a rule of this type is typically caused by a process inappropriately running in init's SELinux domain, and the warning message: Warning! Service %s needs a SELinux domain defined; please fix! is ignored. In addition, add neverallow rules to domain.te which prevent nonsense SELinux service_manager rules from being added. Change-Id: Id04a50d1826fe451a9ed216aa7ab249d0393cc57
f2c4e128 · Nick Kralevich · 10a3a36a · f2c4e128 · f2c4e128
Commit f2c4e128 authored 9 years ago by Nick Kralevich
--- a/domain.te
+++ b/domain.te
@@ -494,3 +494,9 @@ neverallow {
  -installd
  -surfaceflinger # TODO: see if we can remove from mako sepolicy
 } shell_data_file:lnk_file read;
+# servicemanager is the only process which handles list request
+neverallow domain ~servicemanager:service_manager list;
+# only service_manager_types can be added to service_manager
+neverallow domain ~service_manager_type:service_manager { add find };
--- a/init.te
+++ b/init.te
@@ -282,3 +282,7 @@ neverallow init app_data_file:lnk_file read;
 # init should never execute a program without changing to another domain.
 neverallow init { file_type fs_type }:file execute_no_trans;
+# Init never adds or uses services via service_manager.
+neverallow init service_manager_type:service_manager { add find };
+neverallow init servicemanager:service_manager list;