diff options
author | Inseob Kim <inseob@google.com> | 2023-11-14 09:42:17 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2023-11-14 09:42:17 +0000 |
commit | 8ebc8fbee6d8e9efd947952d8abe2b71d4fe1470 (patch) | |
tree | b8ebfcb4401114304502df22a79506cc59c30c76 | |
parent | 8bc319ceb0b47ef659f801729dac13ae683d8271 (diff) | |
parent | 75a8fbd61d895306cfea50335e85ba1611d70b9d (diff) | |
download | sepolicy-8ebc8fbee6d8e9efd947952d8abe2b71d4fe1470.tar.gz |
Merge "Revert "Add permission for VFIO device binding am: 901385f711"" into udc-dev
-rw-r--r-- | apex/com.android.virt-file_contexts | 1 | ||||
-rw-r--r-- | build/soong/service_fuzzer_bindings.go | 2 | ||||
-rw-r--r-- | prebuilts/api/34.0/private/coredomain.te | 1 | ||||
-rw-r--r-- | prebuilts/api/34.0/private/crosvm.te | 8 | ||||
-rw-r--r-- | prebuilts/api/34.0/private/file_contexts | 1 | ||||
-rw-r--r-- | prebuilts/api/34.0/private/service.te | 1 | ||||
-rw-r--r-- | prebuilts/api/34.0/private/service_contexts | 1 | ||||
-rw-r--r-- | prebuilts/api/34.0/private/vfio_handler.te | 24 | ||||
-rw-r--r-- | prebuilts/api/34.0/private/virtualizationmanager.te | 4 | ||||
-rw-r--r-- | prebuilts/api/34.0/private/virtualizationservice.te | 15 | ||||
-rw-r--r-- | prebuilts/api/34.0/public/device.te | 3 | ||||
-rw-r--r-- | private/coredomain.te | 1 | ||||
-rw-r--r-- | private/crosvm.te | 8 | ||||
-rw-r--r-- | private/file_contexts | 1 | ||||
-rw-r--r-- | private/service.te | 1 | ||||
-rw-r--r-- | private/service_contexts | 1 | ||||
-rw-r--r-- | private/vfio_handler.te | 24 | ||||
-rw-r--r-- | private/virtualizationmanager.te | 4 | ||||
-rw-r--r-- | private/virtualizationservice.te | 15 | ||||
-rw-r--r-- | public/device.te | 3 |
20 files changed, 0 insertions, 119 deletions
diff --git a/apex/com.android.virt-file_contexts b/apex/com.android.virt-file_contexts index afe9f51c4..9c13bd5cb 100644 --- a/apex/com.android.virt-file_contexts +++ b/apex/com.android.virt-file_contexts @@ -3,4 +3,3 @@ /bin/fd_server u:object_r:fd_server_exec:s0 /bin/virtmgr u:object_r:virtualizationmanager_exec:s0 /bin/virtualizationservice u:object_r:virtualizationservice_exec:s0 -/bin/vfio_handler u:object_r:vfio_handler_exec:s0 diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go index 269233ad5..0d0fa76f8 100644 --- a/build/soong/service_fuzzer_bindings.go +++ b/build/soong/service_fuzzer_bindings.go @@ -167,9 +167,7 @@ var ( "android.security.metrics": EXCEPTION_NO_FUZZER, "android.service.gatekeeper.IGateKeeperService": EXCEPTION_NO_FUZZER, "android.system.composd": EXCEPTION_NO_FUZZER, - // TODO(b/294158658): add fuzzer "android.system.virtualizationservice": EXCEPTION_NO_FUZZER, - "android.system.virtualizationservice_internal.IVfioHandler": EXCEPTION_NO_FUZZER, "ambient_context": EXCEPTION_NO_FUZZER, "app_binding": EXCEPTION_NO_FUZZER, "app_hibernation": EXCEPTION_NO_FUZZER, diff --git a/prebuilts/api/34.0/private/coredomain.te b/prebuilts/api/34.0/private/coredomain.te index f9b47dfb8..83930a50a 100644 --- a/prebuilts/api/34.0/private/coredomain.te +++ b/prebuilts/api/34.0/private/coredomain.te @@ -150,7 +150,6 @@ full_treble_only(` -apexd -init -ueventd - -vfio_handler -vold } sysfs:file no_rw_file_perms; diff --git a/prebuilts/api/34.0/private/crosvm.te b/prebuilts/api/34.0/private/crosvm.te index 31d6c1992..f1012b79b 100644 --- a/prebuilts/api/34.0/private/crosvm.te +++ b/prebuilts/api/34.0/private/crosvm.te @@ -91,14 +91,6 @@ allow crosvm port:tcp_socket name_bind; allow crosvm adbd:unix_stream_socket ioctl; allow crosvm node:tcp_socket node_bind; -# Allow crosvm to interact to VFIO device -allow crosvm vfio_device:chr_file rw_file_perms; -allow crosvm vfio_device:dir r_dir_perms; - -# Allow crosvm to access VM DTBO via a pipe created by vfio handler. -allow crosvm vfio_handler:fd use; -allow crosvm vfio_handler:fifo_file r_file_perms; - # Don't allow crosvm to open files that it doesn't own. # This is important because a malicious application could try to start a VM with a composite disk # image referring by name to files which it doesn't have permission to open, trying to get crosvm to diff --git a/prebuilts/api/34.0/private/file_contexts b/prebuilts/api/34.0/private/file_contexts index f18b6dd31..258c6b456 100644 --- a/prebuilts/api/34.0/private/file_contexts +++ b/prebuilts/api/34.0/private/file_contexts @@ -191,7 +191,6 @@ /dev/urandom u:object_r:random_device:s0 /dev/usb_accessory u:object_r:usbaccessory_device:s0 /dev/v4l-touch[0-9]* u:object_r:input_device:s0 -/dev/vfio(/.*)? u:object_r:vfio_device:s0 /dev/vhost-vsock u:object_r:kvm_device:s0 /dev/video[0-9]* u:object_r:video_device:s0 /dev/vndbinder u:object_r:vndbinder_device:s0 diff --git a/prebuilts/api/34.0/private/service.te b/prebuilts/api/34.0/private/service.te index 06b03e091..3717150de 100644 --- a/prebuilts/api/34.0/private/service.te +++ b/prebuilts/api/34.0/private/service.te @@ -20,6 +20,5 @@ type statscompanion_service, system_server_service, service_manager_type; type statsmanager_service, system_api_service, system_server_service, service_manager_type; type tracingproxy_service, system_server_service, service_manager_type; type transparency_service, system_server_service, service_manager_type; -type vfio_handler_service, service_manager_type; type uce_service, service_manager_type; type wearable_sensing_service, system_api_service, system_server_service, service_manager_type; diff --git a/prebuilts/api/34.0/private/service_contexts b/prebuilts/api/34.0/private/service_contexts index 0f63e3950..3bb9c8502 100644 --- a/prebuilts/api/34.0/private/service_contexts +++ b/prebuilts/api/34.0/private/service_contexts @@ -144,7 +144,6 @@ android.security.metrics u:object_r:keystore_metrics_service:s0 android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0 android.system.composd u:object_r:compos_service:s0 android.system.virtualizationservice u:object_r:virtualization_service:s0 -android.system.virtualizationservice_internal.IVfioHandler u:object_r:vfio_handler_service:s0 ambient_context u:object_r:ambient_context_service:s0 app_binding u:object_r:app_binding_service:s0 app_hibernation u:object_r:app_hibernation_service:s0 diff --git a/prebuilts/api/34.0/private/vfio_handler.te b/prebuilts/api/34.0/private/vfio_handler.te deleted file mode 100644 index 706a6ca22..000000000 --- a/prebuilts/api/34.0/private/vfio_handler.te +++ /dev/null @@ -1,24 +0,0 @@ -# vfio_handler is a helper service for VFIO tasks, like binding platform devices to VFIO driver. -# vfio_handler is separate from virtualizationservice as VFIO tasks require root. -type vfio_handler, domain, coredomain; -type vfio_handler_exec, system_file_type, exec_type, file_type; - -# When init runs a file labelled with vfio_handler_exec, run it in the vfio_handler domain. -init_daemon_domain(vfio_handler) - -# Let the vfio_handler domain register the vfio_handler_service with ServiceManager. -add_service(vfio_handler, vfio_handler_service) - -# Let the vfio_handler domain use Binder. -binder_use(vfio_handler) - -# Allow vfio_handler to check if VFIO is supported -allow vfio_handler vfio_device:chr_file getattr; -allow vfio_handler vfio_device:dir r_dir_perms; - -# Allow vfio_handler to bind/unbind platform devices -allow vfio_handler sysfs:dir r_dir_perms; -allow vfio_handler sysfs:file rw_file_perms; - -# Only vfio_handler can add vfio_handler_service -neverallow { domain -vfio_handler } vfio_handler_service:service_manager add; diff --git a/prebuilts/api/34.0/private/virtualizationmanager.te b/prebuilts/api/34.0/private/virtualizationmanager.te index 70338ff1a..bfad8e71f 100644 --- a/prebuilts/api/34.0/private/virtualizationmanager.te +++ b/prebuilts/api/34.0/private/virtualizationmanager.te @@ -86,7 +86,3 @@ r_dir_file(virtualizationmanager, crosvm); # For debug purposes we try to get the canonical path from /proc/self/fd/N. That triggers # a harmless denial for CompOS log files, so ignore that. dontaudit virtualizationmanager apex_module_data_file:dir search; - -# Allow virtualizationmanager to access VM DTBO via a pipe created by vfio handler. -allow virtualizationmanager vfio_handler:fd use; -allow virtualizationmanager vfio_handler:fifo_file r_file_perms; diff --git a/prebuilts/api/34.0/private/virtualizationservice.te b/prebuilts/api/34.0/private/virtualizationservice.te index a4588dc9f..561e7788d 100644 --- a/prebuilts/api/34.0/private/virtualizationservice.te +++ b/prebuilts/api/34.0/private/virtualizationservice.te @@ -15,10 +15,6 @@ binder_use(virtualizationservice) # Let the virtualizationservice domain register the virtualization_service with ServiceManager. add_service(virtualizationservice, virtualization_service) -# Let virtualizationservice find and communicate with vfio_handler. -allow virtualizationservice vfio_handler_service:service_manager find; -binder_call(virtualizationservice, vfio_handler) - # Allow calling into the system server to find "permission_service". binder_call(virtualizationservice, system_server) allow virtualizationservice permission_service:service_manager find; @@ -58,14 +54,6 @@ unix_socket_connect(virtualizationservice, tombstoned_crash, tombstoned) allow virtualizationservice tombstone_data_file:file { append getattr }; allow virtualizationservice tombstoned:fd use; -# Allow virtualizationservice to check if VFIO is supported -allow virtualizationservice vfio_device:chr_file getattr; -allow virtualizationservice vfio_device:dir r_dir_perms; - -# Allow virtualizationservice to access VM DTBO via a pipe created by vfio handler. -allow virtualizationservice vfio_handler:fd use; -allow virtualizationservice vfio_handler:fifo_file r_file_perms; - neverallow { domain -init @@ -84,6 +72,3 @@ neverallow virtualizationservice { -virtualizationmanager -virtualizationservice }:process setrlimit; - -# Only virtualizationservice can communicate to vfio_handler -neverallow { domain -virtualizationservice -servicemanager } vfio_handler:binder call; diff --git a/prebuilts/api/34.0/public/device.te b/prebuilts/api/34.0/public/device.te index 36299d38c..fa292565e 100644 --- a/prebuilts/api/34.0/public/device.te +++ b/prebuilts/api/34.0/public/device.te @@ -129,6 +129,3 @@ type userdata_sysdev, dev_type; # Root disk file for disk tunables type rootdisk_sysdev, dev_type; - -# vfio device -type vfio_device, dev_type; diff --git a/private/coredomain.te b/private/coredomain.te index f9b47dfb8..83930a50a 100644 --- a/private/coredomain.te +++ b/private/coredomain.te @@ -150,7 +150,6 @@ full_treble_only(` -apexd -init -ueventd - -vfio_handler -vold } sysfs:file no_rw_file_perms; diff --git a/private/crosvm.te b/private/crosvm.te index 31d6c1992..f1012b79b 100644 --- a/private/crosvm.te +++ b/private/crosvm.te @@ -91,14 +91,6 @@ allow crosvm port:tcp_socket name_bind; allow crosvm adbd:unix_stream_socket ioctl; allow crosvm node:tcp_socket node_bind; -# Allow crosvm to interact to VFIO device -allow crosvm vfio_device:chr_file rw_file_perms; -allow crosvm vfio_device:dir r_dir_perms; - -# Allow crosvm to access VM DTBO via a pipe created by vfio handler. -allow crosvm vfio_handler:fd use; -allow crosvm vfio_handler:fifo_file r_file_perms; - # Don't allow crosvm to open files that it doesn't own. # This is important because a malicious application could try to start a VM with a composite disk # image referring by name to files which it doesn't have permission to open, trying to get crosvm to diff --git a/private/file_contexts b/private/file_contexts index f18b6dd31..258c6b456 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -191,7 +191,6 @@ /dev/urandom u:object_r:random_device:s0 /dev/usb_accessory u:object_r:usbaccessory_device:s0 /dev/v4l-touch[0-9]* u:object_r:input_device:s0 -/dev/vfio(/.*)? u:object_r:vfio_device:s0 /dev/vhost-vsock u:object_r:kvm_device:s0 /dev/video[0-9]* u:object_r:video_device:s0 /dev/vndbinder u:object_r:vndbinder_device:s0 diff --git a/private/service.te b/private/service.te index 06b03e091..3717150de 100644 --- a/private/service.te +++ b/private/service.te @@ -20,6 +20,5 @@ type statscompanion_service, system_server_service, service_manager_type; type statsmanager_service, system_api_service, system_server_service, service_manager_type; type tracingproxy_service, system_server_service, service_manager_type; type transparency_service, system_server_service, service_manager_type; -type vfio_handler_service, service_manager_type; type uce_service, service_manager_type; type wearable_sensing_service, system_api_service, system_server_service, service_manager_type; diff --git a/private/service_contexts b/private/service_contexts index 0f63e3950..3bb9c8502 100644 --- a/private/service_contexts +++ b/private/service_contexts @@ -144,7 +144,6 @@ android.security.metrics u:object_r:keystore_metrics_service:s0 android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0 android.system.composd u:object_r:compos_service:s0 android.system.virtualizationservice u:object_r:virtualization_service:s0 -android.system.virtualizationservice_internal.IVfioHandler u:object_r:vfio_handler_service:s0 ambient_context u:object_r:ambient_context_service:s0 app_binding u:object_r:app_binding_service:s0 app_hibernation u:object_r:app_hibernation_service:s0 diff --git a/private/vfio_handler.te b/private/vfio_handler.te deleted file mode 100644 index 706a6ca22..000000000 --- a/private/vfio_handler.te +++ /dev/null @@ -1,24 +0,0 @@ -# vfio_handler is a helper service for VFIO tasks, like binding platform devices to VFIO driver. -# vfio_handler is separate from virtualizationservice as VFIO tasks require root. -type vfio_handler, domain, coredomain; -type vfio_handler_exec, system_file_type, exec_type, file_type; - -# When init runs a file labelled with vfio_handler_exec, run it in the vfio_handler domain. -init_daemon_domain(vfio_handler) - -# Let the vfio_handler domain register the vfio_handler_service with ServiceManager. -add_service(vfio_handler, vfio_handler_service) - -# Let the vfio_handler domain use Binder. -binder_use(vfio_handler) - -# Allow vfio_handler to check if VFIO is supported -allow vfio_handler vfio_device:chr_file getattr; -allow vfio_handler vfio_device:dir r_dir_perms; - -# Allow vfio_handler to bind/unbind platform devices -allow vfio_handler sysfs:dir r_dir_perms; -allow vfio_handler sysfs:file rw_file_perms; - -# Only vfio_handler can add vfio_handler_service -neverallow { domain -vfio_handler } vfio_handler_service:service_manager add; diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te index 70338ff1a..bfad8e71f 100644 --- a/private/virtualizationmanager.te +++ b/private/virtualizationmanager.te @@ -86,7 +86,3 @@ r_dir_file(virtualizationmanager, crosvm); # For debug purposes we try to get the canonical path from /proc/self/fd/N. That triggers # a harmless denial for CompOS log files, so ignore that. dontaudit virtualizationmanager apex_module_data_file:dir search; - -# Allow virtualizationmanager to access VM DTBO via a pipe created by vfio handler. -allow virtualizationmanager vfio_handler:fd use; -allow virtualizationmanager vfio_handler:fifo_file r_file_perms; diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te index a4588dc9f..561e7788d 100644 --- a/private/virtualizationservice.te +++ b/private/virtualizationservice.te @@ -15,10 +15,6 @@ binder_use(virtualizationservice) # Let the virtualizationservice domain register the virtualization_service with ServiceManager. add_service(virtualizationservice, virtualization_service) -# Let virtualizationservice find and communicate with vfio_handler. -allow virtualizationservice vfio_handler_service:service_manager find; -binder_call(virtualizationservice, vfio_handler) - # Allow calling into the system server to find "permission_service". binder_call(virtualizationservice, system_server) allow virtualizationservice permission_service:service_manager find; @@ -58,14 +54,6 @@ unix_socket_connect(virtualizationservice, tombstoned_crash, tombstoned) allow virtualizationservice tombstone_data_file:file { append getattr }; allow virtualizationservice tombstoned:fd use; -# Allow virtualizationservice to check if VFIO is supported -allow virtualizationservice vfio_device:chr_file getattr; -allow virtualizationservice vfio_device:dir r_dir_perms; - -# Allow virtualizationservice to access VM DTBO via a pipe created by vfio handler. -allow virtualizationservice vfio_handler:fd use; -allow virtualizationservice vfio_handler:fifo_file r_file_perms; - neverallow { domain -init @@ -84,6 +72,3 @@ neverallow virtualizationservice { -virtualizationmanager -virtualizationservice }:process setrlimit; - -# Only virtualizationservice can communicate to vfio_handler -neverallow { domain -virtualizationservice -servicemanager } vfio_handler:binder call; diff --git a/public/device.te b/public/device.te index 36299d38c..fa292565e 100644 --- a/public/device.te +++ b/public/device.te @@ -129,6 +129,3 @@ type userdata_sysdev, dev_type; # Root disk file for disk tunables type rootdisk_sysdev, dev_type; - -# vfio device -type vfio_device, dev_type; |