#
# System Server aka system_server spawned by zygote.
# Most of the framework services run in this process.
#
# This is one of the most privileged domains on the device: every rule in
# this file is reachable by anything that compromises a framework service,
# so additions should be narrow and carry a one-line justification.
#
# mlstrustedsubject: exempt from MLS constraints (system_server handles
# objects belonging to every user / level).
type system_server, domain, mlstrustedsubject;

# Define a type for tmpfs-backed ashmem regions.
tmpfs_domain(system_server)

# Dalvik Compiler JIT Mapping.
# execmem = anonymous writable+executable memory, i.e. a W^X exemption for
# this domain; the two execute rules that follow extend it to ashmem
# regions and to this domain's own tmpfs files.
# NOTE(review): justified by the JIT; revisit if the runtime in
# system_server no longer JITs.
allow system_server self:process execmem;
allow system_server ashmem_device:chr_file execute;
allow system_server system_server_tmpfs:file execute;

# For art.
# Execute compiled code from /data/dalvik-cache. Whatever can write
# dalvikcache_data_file effectively chooses code that runs in this domain,
# so write access to that type must stay confined to the compiler /
# installer side (it is not granted here).
allow system_server dalvikcache_data_file:file execute;
allow system_server dalvikcache_data_file:dir r_dir_perms;

# /data/resource-cache (read-only from this domain).
allow system_server resourcecache_data_file:file r_file_perms;
allow system_server resourcecache_data_file:dir r_dir_perms;

# ptrace to processes in the same domain for debugging crashes.
# Scoped to self: this does not permit tracing other domains, and
# CAP_SYS_PTRACE is intentionally not in the capability list below.
allow system_server self:process ptrace;

# Child of the zygote: use inherited fds, report exit, read its tmpfs.
allow system_server zygote:fd use;
allow system_server zygote:process sigchld;
allow system_server zygote_tmpfs:file read;

# May kill zygote on crashes.
# Killing the zygote takes the app runtime down with it; only sigkill is
# granted, no other process control over zygote.
allow system_server zygote:process sigkill;

# Read /system/bin/app_process.
allow system_server zygote_exec:file r_file_perms;

# Needed to close the zygote socket, which involves getopt / getattr
allow system_server zygote:unix_stream_socket { getopt getattr };

# system server gets network and bluetooth permissions.
net_domain(system_server)
bluetooth_domain(system_server)

# These are the capabilities assigned by the zygote to the
# system server. They must also be listed here: the kernel checks the
# capability class against policy even when the bits were inherited.
# Notable for review:
#   net_admin / net_raw - interface, routing and raw-socket control
#                         (used with the netlink and packet sockets below)
#   sys_boot            - reboot
#   sys_time            - set the system clock
#   kill                - signal processes of other uids
# Deliberately absent: dac_override, dac_read_search, sys_admin, setuid,
# setgid and sys_ptrace. Keep it that way; add a capability only with a
# rule-level justification.
allow system_server self:capability {
    kill
    net_admin
    net_bind_service
    net_broadcast
    net_raw
    sys_boot
    sys_nice
    sys_resource
    sys_time
    sys_tty_config
};

wakelock_use(system_server)

# Triggered by /proc/pid accesses, not allowed.
# dontaudit only silences the denial; it grants nothing. If cross-domain
# ptrace is ever genuinely needed it must be an explicit allow, not this.
dontaudit system_server self:capability sys_ptrace;

# Trigger module auto-load.
# Lets system_server cause request_module() in the kernel (e.g. through
# protocol-family or device lookups). Module autoload is attack surface;
# this does not permit loading an arbitrary module image.
allow system_server kernel:system module_request;

# Use netlink uevent sockets.
allow system_server self:netlink_kobject_uevent_socket create_socket_perms;

# Use generic netlink sockets.
allow system_server self:netlink_socket create_socket_perms;

# Set and get routes directly via netlink.
# nlmsg_write on the route socket (together with CAP_NET_ADMIN above) is
# what allows routing-table changes from this domain.
allow system_server self:netlink_route_socket nlmsg_write;

# Kill apps.
# Any process in appdomain can be killed or signalled from here.
allow system_server appdomain:process { sigkill signal };

# Set scheduling info for apps.
allow system_server appdomain:process { getsched setsched };
allow system_server mediaserver:process { getsched setsched };

# Read /proc/pid data for all domains. This is used by ProcessCpuTracker
# within system_server to keep track of memory and CPU usage for
# all processes on the device.
# This is broad: read access to every /proc/<pid> entry of every domain.
# It is read-only; do not widen it to write or ptrace-class permissions.
r_dir_file(system_server, domain)

# Read/Write to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid.
# Write access is what lets system_server issue socket tag / untag
# commands used for per-uid traffic accounting.
allow system_server qtaguid_proc:file rw_file_perms;
allow system_server qtaguid_device:chr_file rw_file_perms;

# Read /proc/uid_cputime/show_uid_stat.
allow system_server proc_uid_cputime_showstat:file r_file_perms;

# Write /proc/uid_cputime/remove_uid_range.
# Write plus getattr only; no read is granted, which matches the use.
allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr };

# Write to /proc/sysrq-trigger.
# Writing here drives kernel SysRq actions (sync, remount, reboot, crash,
# ...): effectively a reboot / crash primitive for this domain.
# NOTE(review): the comment above says "Write" but rw_file_perms is
# granted; confirm whether read is needed and narrow to w_file_perms if not.
allow system_server proc_sysrq:file rw_file_perms;

# Read /sys/kernel/debug/wakeup_sources.
# The rule is wider than the comment: it grants read on every file of
# type debugfs, not only wakeup_sources. debugfs exposes kernel internals;
# a dedicated type for wakeup_sources would narrow this.
allow system_server debugfs:file r_file_perms;

# WifiWatchdog uses a packet_socket
# (raw link-layer frames; pairs with CAP_NET_RAW above).
allow system_server self:packet_socket create_socket_perms;

# 3rd party VPN clients require a tun_socket to be created
allow system_server self:tun_socket create_socket_perms;

# Notify init of death.
allow system_server init:process sigchld;

# Talk to init and various daemons via sockets.
# Each macro (defined in the shared te_macros, not shown here) is expected
# to permit only connecting to that daemon's named socket; it grants no
# authority over the daemon itself, so each daemon's own validation of its
# control protocol remains the enforcement point.
unix_socket_connect(system_server, installd, installd)
unix_socket_connect(system_server, lmkd, lmkd)
unix_socket_connect(system_server, mtpd, mtp)
unix_socket_connect(system_server, netd, netd)
unix_socket_connect(system_server, vold, vold)
unix_socket_connect(system_server, zygote, zygote)
unix_socket_connect(system_server, gps, gpsd)
unix_socket_connect(system_server, racoon, racoon)
# wpa is datagram: send only, no stream connect.
unix_socket_send(system_server, wpa, wpa)

# Communicate over a socket created by surfaceflinger.
# read / write / setopt only, on a socket surfaceflinger created and
# handed over.
allow system_server surfaceflinger:unix_stream_socket { read write setopt };

# Perform Binder IPC.
binder_use(system_server)
# Binder callees. binder_call(system_server, appdomain) lets this domain
# call into every app process (callbacks, binders apps hand over); the
# reverse direction (apps calling system_server) is governed by the app
# domains' own rules, not here.
binder_call(system_server, binderservicedomain)
binder_call(system_server, gatekeeperd)
binder_call(system_server, fingerprintd)
binder_call(system_server, appdomain)
binder_call(system_server, dumpstate)
binder_service(system_server)

# Ask debuggerd to dump backtraces for native stacks of interest.
# Limited to the four native domains listed and to dump_backtrace only.
allow system_server { mediaserver sdcardd surfaceflinger inputflinger }:debuggerd dump_backtrace;

# Read /proc/pid files for dumping stack traces of native processes.
# These should already be covered by r_dir_file(system_server, domain)
# above (every process type carries the domain attribute); kept explicit
# so the intent survives if that broad rule is ever narrowed.
r_dir_file(system_server, mediaserver)
r_dir_file(system_server, sdcardd)
r_dir_file(system_server, surfaceflinger)
r_dir_file(system_server, inputflinger)

# Use sockets received over binder from various services.
# rw_socket_perms (from the shared global_macros, not shown here) on
# sockets mediaserver created and passed over binder.
allow system_server mediaserver:tcp_socket rw_socket_perms;
allow system_server mediaserver:udp_socket rw_socket_perms;

# Check SELinux permissions.
# Lets system_server query the policy for its own access decisions. This
# is read-only with respect to policy; the ability to install policy is
# the separate selinux_manage_policy rule further down.
selinux_check_access(system_server)

# XXX Label sysfs files with a specific type?
# Over-grant: read/write to every sysfs node that still carries the
# generic sysfs type. The two specialized types below show the intended
# direction - give each sysfs attribute system_server writes its own type
# and retire the generic rule.
allow system_server sysfs:file rw_file_perms;
allow system_server sysfs_nfc_power_writable:file rw_file_perms;
allow system_server sysfs_devices_system_cpu:file w_file_perms;

# Access devices.
# Directory listing of /dev plus the specific device nodes below. Most are
# rw; note the ones intentionally read-only (radio_device) or dir-only
# (input / video / audio directories).
allow system_server device:dir r_dir_perms;
allow system_server mdns_socket:sock_file rw_file_perms;
allow system_server alarm_device:chr_file rw_file_perms;
allow system_server gpu_device:chr_file rw_file_perms;
allow system_server iio_device:chr_file rw_file_perms;
allow system_server input_device:dir r_dir_perms;
# Input devices: read delivers key/touch events; on evdev nodes write can
# inject them.
allow system_server input_device:chr_file rw_file_perms;
allow system_server radio_device:chr_file r_file_perms;
# tty_device covers every tty node, not one particular port.
allow system_server tty_device:chr_file rw_file_perms;
allow system_server usbaccessory_device:chr_file rw_file_perms;
allow system_server video_device:dir r_dir_perms;
allow system_server video_device:chr_file rw_file_perms;
# Read/write the adbd socket node. Actually connecting to it additionally
# needs unix_stream_socket connectto on adbd, which is not granted here.
allow system_server adbd_socket:sock_file rw_file_perms;
allow system_server rtc_device:chr_file rw_file_perms;
allow system_server audio_device:dir r_dir_perms;

# write access needed for MIDI
allow system_server audio_device:chr_file rw_file_perms;

# tun device used for 3rd party vpn apps
allow system_server tun_device:chr_file rw_file_perms;

# Manage system data files.
# system_data_file is the default label for much of /data; create-level
# access across notdevfile_class_set (presumably file, lnk_file,
# sock_file, fifo_file) is a wide grant and is the reason many
# subdirectories below get their own, narrower types.
allow system_server system_data_file:dir create_dir_perms;
allow system_server system_data_file:notdevfile_class_set create_file_perms;
# keychain_data_file (presumably /data/misc/keychain, the user-installed
# CA / credential store): writes here affect what the platform trusts.
allow system_server keychain_data_file:dir create_dir_perms;
allow system_server keychain_data_file:file create_file_perms;

# Manage /data/app.
# `link` permits creating hard links to files already labeled
# apk_data_file; it does not allow linking to files of other types.
allow system_server apk_data_file:dir create_dir_perms;
allow system_server apk_data_file:file { create_file_perms link };
allow system_server apk_tmp_file:dir create_dir_perms;
allow system_server apk_tmp_file:file create_file_perms;

# Manage /data/app-private.
# Both the final install location and the staging (tmp) location get full
# directory and file management.
allow system_server { apk_private_data_file apk_private_tmp_file }:dir create_dir_perms;
allow system_server { apk_private_data_file apk_private_tmp_file }:file create_file_perms;

# Manage files within asec containers. Only asec_apk_file gets directory
# management; asec_public_file is file-level only.
allow system_server asec_apk_file:dir create_dir_perms;
allow system_server { asec_apk_file asec_public_file }:file create_file_perms;

# Manage /data/anr (ANR trace output).
allow system_server anr_data_file:dir create_dir_perms;
allow system_server anr_data_file:file create_file_perms;

# Manage /data/backup.
allow system_server backup_data_file:dir create_dir_perms;
allow system_server backup_data_file:file create_file_perms;

# Read and write /data/dalvik-cache/profiles.
# (The earlier comment said "Read from", but the rules grant rw on the
# directory and create-level permissions on the files.)
allow system_server dalvikcache_profiles_data_file:dir rw_dir_perms;
allow system_server dalvikcache_profiles_data_file:file create_file_perms;

# Write to /data/system/heapdump
allow system_server heapdump_data_file:dir rw_dir_perms;
allow system_server heapdump_data_file:file create_file_perms;

# Manage /data/misc/adb.
# adb_keys_file holds the host public keys adbd trusts. Anything that can
# write it controls which machines get an adb session, so this grant is
# security-sensitive even though the domain is trusted.
allow system_server adb_keys_file:dir create_dir_perms;
allow system_server adb_keys_file:file create_file_perms;

# Manage /data/misc/sms.
# TODO: Split into a separate type?
allow system_server radio_data_file:dir create_dir_perms;
allow system_server radio_data_file:file create_file_perms;

# Fully manage the per-service state directories this domain administers:
# /data/misc/systemkeys, /data/misc/vpn and /data/misc/wifi. All three
# hold credential material (keys, VPN config, supplicant config), so keep
# this set to types system_server really owns.
allow system_server { systemkeys_data_file vpn_data_file wifi_data_file }:dir create_dir_perms;
allow system_server { systemkeys_data_file vpn_data_file wifi_data_file }:file create_file_perms;

# /data/tombstones is consumed, never written, from this domain.
allow system_server tombstone_data_file:dir r_dir_perms;
allow system_server tombstone_data_file:file r_file_perms;

# Manage /data/misc/zoneinfo.
allow system_server zoneinfo_data_file:dir create_dir_perms;
allow system_server zoneinfo_data_file:file create_file_perms;

# Walk /data/data subdirectories.
# Types extracted from seapp_contexts type= fields.
# getattr / read / search on the directories only: enough to traverse and
# list every app's private data directory, not to create or remove
# entries in it.
allow system_server { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:dir { getattr read search };
# Also permit for unlabeled /data/data subdirectories and
# for unlabeled asec containers on upgrades from 4.2.
# `unlabeled` is the catch-all for objects with no valid label, so this is
# a deliberate relaxation. Keep it read-only, and drop it once upgrades
# from pre-labeling releases no longer need support.
allow system_server unlabeled:dir r_dir_perms;
# Read pkg.apk file before it has been relabeled by vold.
allow system_server unlabeled:file r_file_perms;

# Populate com.android.providers.settings/databases/settings.db.
# Full management of system_app_data_file, wider than the read-only walk
# above.
allow system_server system_app_data_file:dir create_dir_perms;
allow system_server system_app_data_file:file create_file_perms;

# Receive and use open app data files passed over binder IPC.
# Types extracted from seapp_contexts type= fields.
# Note the absence of `open`: these rules are meant for descriptors the
# app already opened and handed over, not for system_server opening app
# private files on its own.
allow system_server { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:file { getattr read write };

# Receive and use open /data/media files passed over binder IPC.
# Same shape: no open, so only already-open descriptors are usable.
allow system_server media_rw_data_file:file { getattr read write };

# Read /file_contexts and /data/security/file_contexts
security_access_policy(system_server)

# Relabel apk files.
# relabelfrom / relabelto compose across the whole file: any type this
# domain has relabelfrom on can be moved to any type it has relabelto on
# for the same object class. Review the relabel set as a whole, not rule
# by rule.
allow system_server { apk_tmp_file apk_private_tmp_file }:{ dir file } { relabelfrom relabelto };
allow system_server { apk_data_file apk_private_data_file }:{ dir file } { relabelfrom relabelto };

# Relabel wallpaper.
# A file written under the default system_data_file label can be
# relabeled to wallpaper_file (and to the other file relabelto targets
# in this file).
allow system_server system_data_file:file relabelfrom;
allow system_server wallpaper_file:file relabelto;
allow system_server wallpaper_file:file { rw_file_perms unlink };

# Relabel /data/anr.
# relabelfrom system_data_file:dir composes with every dir relabelto in
# this file (anr_data_file here, backup_data_file and cache_backup_file
# further down).
allow system_server system_data_file:dir relabelfrom;
allow system_server anr_data_file:dir relabelto;

# Property Service write
# powerctl_prop drives shutdown / reboot; the dhcp, radio and debug
# property sets are consumed by other daemons too, so a write here is a
# cross-process influence channel, not just local state.
set_prop(system_server, system_prop)
set_prop(system_server, dhcp_prop)
set_prop(system_server, net_radio_prop)
set_prop(system_server, system_radio_prop)
set_prop(system_server, debug_prop)
set_prop(system_server, powerctl_prop)
set_prop(system_server, fingerprint_prop)

# ctl interface
# ctl.* properties ask init to start / stop services. ctl_default_prop is
# presumably the broad one (any service without a narrower ctl_* type), so
# this amounts to service start/stop authority over init.
set_prop(system_server, ctl_default_prop)
set_prop(system_server, ctl_dhcp_pan_prop)
set_prop(system_server, ctl_bugreport_prop)

# Create a socket for receiving info from wpa.
# Sockets system_server creates under wifi_data_file or wpa_socket
# directories get the dedicated system_wpa_socket type instead of
# inheriting the parent's, so wpa_supplicant's sockets and ours stay
# distinguishable in policy.
type_transition system_server wifi_data_file:sock_file system_wpa_socket;
type_transition system_server wpa_socket:sock_file system_wpa_socket;
allow system_server wpa_socket:dir rw_dir_perms;
allow system_server system_wpa_socket:sock_file create_file_perms;

# Remove sockets created by wpa_supplicant
# (unlink, on top of whatever unix_socket_send(.., wpa, ..) above grants).
allow system_server wpa_socket:sock_file unlink;

# Create a socket for connections from debuggerd.
# Name-based transition: only a sock_file literally named "ndebugsocket"
# created under system_data_file gets the system_ndebug_socket type.
type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
allow system_server system_ndebug_socket:sock_file create_file_perms;

# Manage cache files.
# relabelfrom here lets /cache content be moved to any type this domain
# has relabelto on (see the cache_backup_file rules below).
allow system_server cache_file:dir { relabelfrom create_dir_perms };
allow system_server cache_file:file { relabelfrom create_file_perms };
allow system_server cache_file:fifo_file create_file_perms;

# Run system programs, e.g. dexopt.
# Execute only, with no domain transition defined here: a program run this
# way stays in the system_server domain with every right in this file
# (unless a transition for it is defined elsewhere in the policy).
allow system_server system_file:file x_file_perms;

# LocationManager(e.g, GPS) needs to read and write
# to uart driver and ctrl proc entry
allow system_server gps_device:chr_file rw_file_perms;
allow system_server gps_control:file rw_file_perms;

# Allow system_server to use app-created sockets and pipes.
# Deliberately no bind / connect / listen / accept on app sockets:
# system_server can use a socket an app hands it, but cannot turn it into
# a listener or connect it somewhere new.
allow system_server appdomain:{ tcp_socket udp_socket } { getattr getopt setopt read write shutdown };
allow system_server appdomain:{ fifo_file unix_stream_socket } { getattr read write };

# Allow abstract socket connection
# connectto is the check the kernel makes against the listening process
# for abstract-namespace unix sockets (no sock_file is involved).
allow system_server rild:unix_stream_socket connectto;

# BackupManagerService lets PMS create a data backup file
allow system_server cache_backup_file:file create_file_perms;
# Relabel /data/backup
allow system_server backup_data_file:dir { relabelto relabelfrom };
# Relabel /cache/.*\.{data|restore}
Smalleyallow system_server cache_backup_file:file { relabelto relabelfrom }; 3371ff644112e260d2aab55e696b32350dcda0a99b8Stephen Smalley# LocalTransport creates and relabels /cache/backup 3381ff644112e260d2aab55e696b32350dcda0a99b8Stephen Smalleyallow system_server cache_backup_file:dir { relabelto relabelfrom create_dir_perms }; 3391ff644112e260d2aab55e696b32350dcda0a99b8Stephen Smalley 3401ff644112e260d2aab55e696b32350dcda0a99b8Stephen Smalley# Allow system to talk to usb device 3411ff644112e260d2aab55e696b32350dcda0a99b8Stephen Smalleyallow system_server usb_device:chr_file rw_file_perms; 3421ff644112e260d2aab55e696b32350dcda0a99b8Stephen Smalleyallow system_server usb_device:dir r_dir_perms; 3431ff644112e260d2aab55e696b32350dcda0a99b8Stephen Smalley 3441ff644112e260d2aab55e696b32350dcda0a99b8Stephen Smalley# Allow system to talk to sensors 3451ff644112e260d2aab55e696b32350dcda0a99b8Stephen Smalleyallow system_server sensors_device:chr_file rw_file_perms; 3461ff644112e260d2aab55e696b32350dcda0a99b8Stephen Smalley 3478d688315aeb053eadc2606badbe4ce52899bb694Alex Klyubin# Read from HW RNG (needed by EntropyMixer). 3488d688315aeb053eadc2606badbe4ce52899bb694Alex Klyubinallow system_server hw_random_device:chr_file r_file_perms; 3498d688315aeb053eadc2606badbe4ce52899bb694Alex Klyubin 350af47ebb67aa64d699615693bf4603ec173417175Stephen Smalley# Read and delete files under /dev/fscklogs. 
351af47ebb67aa64d699615693bf4603ec173417175Stephen Smalleyr_dir_file(system_server, fscklogs) 352af47ebb67aa64d699615693bf4603ec173417175Stephen Smalleyallow system_server fscklogs:dir { write remove_name }; 353af47ebb67aa64d699615693bf4603ec173417175Stephen Smalleyallow system_server fscklogs:file unlink; 354a49ba927e39bb21f18f8340334cf5781e124eb3dStephen Smalley 355a49ba927e39bb21f18f8340334cf5781e124eb3dStephen Smalley# For SELinuxPolicyInstallReceiver 356a49ba927e39bb21f18f8340334cf5781e124eb3dStephen Smalleyselinux_manage_policy(system_server) 357959fdaaa25d7dbfad8a1900dfe9575f873cea649Stephen Smalley 3588ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn# logd access, system_server inherit logd write socket 3598ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn# (urge is to deprecate this long term) 3608ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzynallow system_server zygote:unix_dgram_socket write; 3615467fce636d0cebb86f3684f7a69d883324384caNick Kralevich 362bafbf8133015204ac1b9116ccd4235e8a615895cStephen Smalley# Read from log daemon. 363bafbf8133015204ac1b9116ccd4235e8a615895cStephen Smalleyread_logd(system_server) 364bafbf8133015204ac1b9116ccd4235e8a615895cStephen Smalley 3655467fce636d0cebb86f3684f7a69d883324384caNick Kralevich# Be consistent with DAC permissions. 
Allow system_server to write to 3665467fce636d0cebb86f3684f7a69d883324384caNick Kralevich# /sys/module/lowmemorykiller/parameters/adj 3675467fce636d0cebb86f3684f7a69d883324384caNick Kralevich# /sys/module/lowmemorykiller/parameters/minfree 368335faf2b9b2d68d02223d1aedecf826bb9597f34Stephen Smalleyallow system_server sysfs_lowmemorykiller:file { getattr w_file_perms }; 369d331e00bd8101b5ab63e08822cdad7a223c2a5ddStephen Smalley 3703f3d6ffb7ee98116404e4a85ad027a98b70c2331Nick Kralevich# Read /sys/fs/pstore/console-ramoops 3713f3d6ffb7ee98116404e4a85ad027a98b70c2331Nick Kralevich# Don't worry about overly broad permissions for now, as there's 3723f3d6ffb7ee98116404e4a85ad027a98b70c2331Nick Kralevich# only one file in /sys/fs/pstore 3733f3d6ffb7ee98116404e4a85ad027a98b70c2331Nick Kralevichallow system_server pstorefs:dir r_dir_perms; 3743f3d6ffb7ee98116404e4a85ad027a98b70c2331Nick Kralevichallow system_server pstorefs:file r_file_perms; 3753f3d6ffb7ee98116404e4a85ad027a98b70c2331Nick Kralevich 37623f336156daf61ba07c024af2fe96994605f46ebdcashmanallow system_server drmserver_service:service_manager find; 377cd82557d4069c20bda8e18aa7f72fc0521a3ae32dcashmanallow system_server healthd_service:service_manager find; 378cd82557d4069c20bda8e18aa7f72fc0521a3ae32dcashmanallow system_server keystore_service:service_manager find; 379e207986ea08feebd04f32cd2beff0b1602d08074Andres Moralesallow system_server gatekeeper_service:service_manager find; 380264eb6566ae75ba1ae37835f0ba83f951550fe85Jim Millerallow system_server fingerprintd_service:service_manager find; 381cd82557d4069c20bda8e18aa7f72fc0521a3ae32dcashmanallow system_server mediaserver_service:service_manager find; 38223f336156daf61ba07c024af2fe96994605f46ebdcashmanallow system_server nfc_service:service_manager find; 383cd82557d4069c20bda8e18aa7f72fc0521a3ae32dcashmanallow system_server radio_service:service_manager find; 384cd82557d4069c20bda8e18aa7f72fc0521a3ae32dcashmanallow system_server 
system_server_service:service_manager { add find }; 385cd82557d4069c20bda8e18aa7f72fc0521a3ae32dcashmanallow system_server surfaceflinger_service:service_manager find; 3864a89cdfa89448c8660308a31bfcb517fffaa239edcashman 3871196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahnallow system_server keystore:keystore_key { 388eaa1a1e975627a00b09a84810d0aa77cfde1edd2Chad Brubaker get_state 3891196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn get 3901196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn insert 3911196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn delete 3921196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn exist 393eaa1a1e975627a00b09a84810d0aa77cfde1edd2Chad Brubaker list 3941196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn reset 3951196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn password 3961196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn lock 3971196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn unlock 398eaa1a1e975627a00b09a84810d0aa77cfde1edd2Chad Brubaker is_empty 3991196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn sign 4001196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn verify 4011196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn grant 4021196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn duplicate 4031196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn clear_uid 4048927772caa421f1c9ccc80337527e039353d65ddChad Brubaker add_auth 40577a824600bfe80abccc9fdcab8d1566380b43ce4Chad Brubaker user_changed 4061196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn}; 4071196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn 40847bd7300a522fb9c7e233b6d040533ad16708a0edcashman# Allow system server to search and write to the persistent factory reset 40947bd7300a522fb9c7e233b6d040533ad16708a0edcashman# protection partition. This block device does not get wiped in a factory reset. 
410d8447fdfe1db8571158659bc2daf058335842a06Andres Moralesallow system_server block_device:dir search; 41147bd7300a522fb9c7e233b6d040533ad16708a0edcashmanallow system_server frp_block_device:blk_file rw_file_perms; 412d8447fdfe1db8571158659bc2daf058335842a06Andres Morales 4135d60f04e5d43d084992d59c38a631a034b88e715Colin Cross# Clean up old cgroups 4145d60f04e5d43d084992d59c38a631a034b88e715Colin Crossallow system_server cgroup:dir { remove_name rmdir }; 4155d60f04e5d43d084992d59c38a631a034b88e715Colin Cross 41681839dfb24094803125f7ac9d4844207b61569edEd Heyl# /oem access 4172380d05f9791b6789b81e28ca8841df1b8b62c6dNick Kralevichr_dir_file(system_server, oemfs) 41881839dfb24094803125f7ac9d4844207b61569edEd Heyl 419f063f461a9e5b6049f3516e48806b6a87848ac1aJeff Sharkey# Allow resolving per-user storage symlinks 420f063f461a9e5b6049f3516e48806b6a87848ac1aJeff Sharkeyallow system_server { mnt_user_file storage_file }:dir { getattr search }; 421f063f461a9e5b6049f3516e48806b6a87848ac1aJeff Sharkeyallow system_server { mnt_user_file storage_file }:lnk_file { getattr read }; 422f063f461a9e5b6049f3516e48806b6a87848ac1aJeff Sharkey 423f063f461a9e5b6049f3516e48806b6a87848ac1aJeff Sharkey# Allow statfs() on storage devices, which happens fast enough that 424f063f461a9e5b6049f3516e48806b6a87848ac1aJeff Sharkey# we shouldn't be killed during unsafe removal 425f063f461a9e5b6049f3516e48806b6a87848ac1aJeff Sharkeyallow system_server sdcard_type:dir { getattr search }; 426f063f461a9e5b6049f3516e48806b6a87848ac1aJeff Sharkey 42773d9c2a97b232389ab1dd179ac72c2fbefc5482bJeff Sharkey# Traverse into expanded storage 42873d9c2a97b232389ab1dd179ac72c2fbefc5482bJeff Sharkeyallow system_server mnt_expand_file:dir r_dir_perms; 42973d9c2a97b232389ab1dd179ac72c2fbefc5482bJeff Sharkey 430a39b131e9db1fed7e5ce90174f19515f465c8739Jim Miller# Allow system process to relabel the fingerprint directory after mkdir 431a39b131e9db1fed7e5ce90174f19515f465c8739Jim Millerallow system_server 
fingerprintd_data_file:dir {r_dir_perms relabelto}; 432a39b131e9db1fed7e5ce90174f19515f465c8739Jim Miller 433d331e00bd8101b5ab63e08822cdad7a223c2a5ddStephen Smalley### 434d331e00bd8101b5ab63e08822cdad7a223c2a5ddStephen Smalley### Neverallow rules 435d331e00bd8101b5ab63e08822cdad7a223c2a5ddStephen Smalley### 436d331e00bd8101b5ab63e08822cdad7a223c2a5ddStephen Smalley### system_server should NEVER do any of this 437d331e00bd8101b5ab63e08822cdad7a223c2a5ddStephen Smalley 438f063f461a9e5b6049f3516e48806b6a87848ac1aJeff Sharkey# Do not allow opening files from external storage as unsafe ejection 439f063f461a9e5b6049f3516e48806b6a87848ac1aJeff Sharkey# could cause the kernel to kill the system_server. 440f063f461a9e5b6049f3516e48806b6a87848ac1aJeff Sharkeyneverallow system_server sdcard_type:dir { open read write }; 441d00eff47fe1f0b73dce96241ac348599f7d8e41cNick Kralevichneverallow system_server sdcard_type:file rw_file_perms; 442b519949df150ebe4fc9bf3db52542bb5d9238d4eNick Kralevich 443b519949df150ebe4fc9bf3db52542bb5d9238d4eNick Kralevich# system server should never be opening zygote spawned app data 444b519949df150ebe4fc9bf3db52542bb5d9238d4eNick Kralevich# files directly. Rather, they should always be passed via a 445b519949df150ebe4fc9bf3db52542bb5d9238d4eNick Kralevich# file descriptor. 446b519949df150ebe4fc9bf3db52542bb5d9238d4eNick Kralevich# Types extracted from seapp_contexts type= fields, excluding 447b519949df150ebe4fc9bf3db52542bb5d9238d4eNick Kralevich# those types that system_server needs to open directly. 448b519949df150ebe4fc9bf3db52542bb5d9238d4eNick Kralevichneverallow system_server { bluetooth_data_file nfc_data_file shell_data_file app_data_file }:file open; 449361cdaff3096fafc16bbe88b84d6f99f7944def7Nick Kralevich 450361cdaff3096fafc16bbe88b84d6f99f7944def7Nick Kralevich# system_server should never be executing dex2oat. 
This is either 451361cdaff3096fafc16bbe88b84d6f99f7944def7Nick Kralevich# a bug (for example, bug 16317188), or represents an attempt by 452361cdaff3096fafc16bbe88b84d6f99f7944def7Nick Kralevich# system server to dynamically load a dex file, something we do not 453361cdaff3096fafc16bbe88b84d6f99f7944def7Nick Kralevich# want to allow. 454361cdaff3096fafc16bbe88b84d6f99f7944def7Nick Kralevichneverallow system_server dex2oat_exec:file no_x_file_perms; 455acc0842c4bed8690fe29858070215d7a74f4a44bNick Kralevich 456acc0842c4bed8690fe29858070215d7a74f4a44bNick Kralevich# The only block device system_server should be accessing is 457acc0842c4bed8690fe29858070215d7a74f4a44bNick Kralevich# the frp_block_device. This helps avoid a system_server to root 458acc0842c4bed8690fe29858070215d7a74f4a44bNick Kralevich# escalation by writing to raw block devices. 459acc0842c4bed8690fe29858070215d7a74f4a44bNick Kralevichneverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perms; 460