author | Mark Salyzyn <salyzyn@google.com> | 2016-03-16 08:11:49 -0700 |
---|---|---|
committer | Mark Salyzyn <salyzyn@google.com> | 2016-03-24 11:30:29 -0700 |
commit | 16fe52c90caae18c0d91918d6bfc471f2e637207 (patch) | |
tree | 531d0b1225e9fb7393ee8279995a7ac783cb643b | |
parent | af3ca33f612a764301fb294513320091c23a2966 (diff) | |
Add recovery_persist & recovery_refresh
One-time executables. recovery_refresh can be used at any time to
ensure recovery logs in pmsg are re-placed at the end of the FIFO.
recovery_persist takes the recovery logs in pmsg and drops them
into /data/misc/recovery/ directory.
Bug: 27176738
Change-Id: Ife3cf323930fb7a6a5d1704667961f9d42bfc5ac
-rw-r--r-- | file.te | 1 | ||||
-rw-r--r-- | file_contexts | 3 | ||||
-rw-r--r-- | recovery_persist.te | 31 | ||||
-rw-r--r-- | recovery_refresh.te | 29 |
4 files changed, 64 insertions, 0 deletions
@@ -131,6 +131,7 @@ type misc_user_data_file, file_type, data_file_type;
 type net_data_file, file_type, data_file_type;
 type nfc_data_file, file_type, data_file_type;
 type radio_data_file, file_type, data_file_type, mlstrustedobject;
+type recovery_data_file, file_type, data_file_type;
 type shared_relro_file, file_type, data_file_type;
 type systemkeys_data_file, file_type, data_file_type;
 type vpn_data_file, file_type, data_file_type;
diff --git a/file_contexts b/file_contexts
index 785dc9e..83d87e1 100644
--- a/file_contexts
+++ b/file_contexts
@@ -174,6 +174,8 @@
 /system/bin/debuggerd u:object_r:debuggerd_exec:s0
 /system/bin/debuggerd64 u:object_r:debuggerd_exec:s0
 /system/bin/wpa_supplicant u:object_r:wpa_exec:s0
+/system/bin/recovery-persist u:object_r:recovery_persist_exec:s0
+/system/bin/recovery-refresh u:object_r:recovery_refresh_exec:s0
 /system/bin/sdcard u:object_r:sdcardd_exec:s0
 /system/bin/dhcpcd u:object_r:dhcp_exec:s0
 /system/bin/dhcpcd-6.8.2 u:object_r:dhcp_exec:s0
@@ -267,6 +269,7 @@
 /data/misc/logd(/.*)? u:object_r:misc_logd_file:s0
 /data/misc/media(/.*)? u:object_r:media_data_file:s0
 /data/misc/net(/.*)? u:object_r:net_data_file:s0
+/data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0
 /data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)? u:object_r:radio_data_file:s0
 /data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0
diff --git a/recovery_persist.te b/recovery_persist.te
new file mode 100644
index 0000000..19a240f
--- /dev/null
+++ b/recovery_persist.te
@@ -0,0 +1,31 @@
+# android recovery persistent log manager
+type recovery_persist, domain;
+type recovery_persist_exec, exec_type, file_type;
+
+init_daemon_domain(recovery_persist)
+
+allow recovery_persist pstorefs:dir search;
+allow recovery_persist pstorefs:file r_file_perms;
+
+allow recovery_persist recovery_data_file:file create_file_perms;
+allow recovery_persist recovery_data_file:dir create_dir_perms;
+
+###
+### Neverallow rules
+###
+### recovery_persist should NEVER do any of this
+
+# Block device access.
+neverallow recovery_persist dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow recovery_persist domain:process ptrace;
+
+# Write to /system.
+neverallow recovery_persist system_file:dir_file_class_set write;
+
+# Write to files in /data/data
+neverallow recovery_persist { app_data_file system_data_file }:dir_file_class_set write;
+
+# recovery_persist is not allowed to write anywhere other than recovery_data_file
+neverallow recovery_persist { file_type -recovery_data_file -recovery_persist_tmpfs userdebug_or_eng(`-coredump_file') }:file write;
diff --git a/recovery_refresh.te b/recovery_refresh.te
new file mode 100644
index 0000000..9fae110
--- /dev/null
+++ b/recovery_refresh.te
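Review bot: The closing neverallow in recovery_persist.te is narrower than its comment claims: it asserts only the `write` permission on the `file` class, so `append`, `create`, `unlink`, `rename` and `setattr` on files, and every `dir` mutation, could later be granted to recovery_persist outside recovery_data_file without tripping the assertion. The same gap applies to the final neverallow in recovery_refresh.te, whose comment says the domain is "not allowed to write anywhere". Either reword both comments to say the rule pins the `write` permission only, or widen the permission set to something like `:file { write append create unlink rename setattr }` while keeping the existing type exclusions, and confirm the policy still builds since neverallows are checked against every allow rule in the tree.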
@@ -0,0 +1,29 @@
+# android recovery refresh log manager
+type recovery_refresh, domain;
+type recovery_refresh_exec, exec_type, file_type;
+
+init_daemon_domain(recovery_refresh)
+
+allow recovery_refresh pstorefs:dir search;
+allow recovery_refresh pstorefs:file r_file_perms;
+# NB: domain inherits write_logd which hands us write to pmsg_device
+
+###
+### Neverallow rules
+###
+### recovery_refresh should NEVER do any of this
+
+# Block device access.
+neverallow recovery_refresh dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow recovery_refresh domain:process ptrace;
+
+# Write to /system.
+neverallow recovery_refresh system_file:dir_file_class_set write;
+
+# Write to files in /data/data or system files on /data
+neverallow recovery_refresh { app_data_file system_data_file }:dir_file_class_set write;
+
+# recovery_refresh is not allowed to write anywhere
+neverallow recovery_refresh { file_type -recovery_refresh_tmpfs userdebug_or_eng(`-coredump_file') }:file write;