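# Policy for the configstore HAL: HwBinder IPC between the
# hal_configstore_client and hal_configstore_server attributes, followed by
# neverallow assertions that bound what the server domain may ever be granted.

# HwBinder IPC from client to server
binder_call(hal_configstore_client, hal_configstore_server)

# NOTE(review): this grants find on the ISurfaceFlingerConfigs hwservice to
# every domain carrying the hal_configstore_client attribute, while the comment
# further down says per-client allow rules belong in the client .te files.
# Confirm which of the two is intended.
allow hal_configstore_client hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;

# The server domain is the one that registers ISurfaceFlingerConfigs.
add_hwservice(hal_configstore_server, hal_configstore_ISurfaceFlingerConfigs)
# As opposed to the rules of most other HALs, the different services exposed by
# this HAL should be restricted to different clients. Thus, the allow rules for
# clients are defined in the .te files of the clients.

# hal_configstore runs with a strict seccomp filter. Use crash_dump's
# fallback path to collect crash data.
crash_dump_fallback(hal_configstore_server)

###
### neverallow rules
###
# neverallow rules are assertions checked when the policy is built: they grant
# nothing and deny nothing at runtime, but the build fails if any allow rule
# matches one of them. They keep later changes from widening this domain.

# Should never execute an executable without a domain transition
neverallow hal_configstore_server { file_type fs_type }:file execute_no_trans;

# Should never need network access. Disallow sockets except
# for unix stream/dgram sockets used for logging/debugging.
# NOTE(review): the socket classes are enumerated one by one, so a socket class
# that is not in this list is not covered by the assertion. Re-check the list
# whenever the policy gains a new socket class.
neverallow hal_configstore_server domain:{
  rawip_socket tcp_socket udp_socket
  netlink_route_socket netlink_selinux_socket
  socket netlink_socket packet_socket key_socket appletalk_socket
  netlink_tcpdiag_socket netlink_nflog_socket
  netlink_xfrm_socket netlink_audit_socket
  netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
  netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
  netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
  netlink_rdma_socket netlink_crypto_socket
} *;
# Unix sockets are forbidden towards every domain except the ones subtracted
# below: the server itself, logd, tombstoned, and su (subtracted only inside
# userdebug_or_eng, i.e. not on user builds).
neverallow hal_configstore_server {
  domain
  -hal_configstore_server
  -logd
  userdebug_or_eng(`-su')
  -tombstoned
}:{ unix_dgram_socket unix_stream_socket } *;

# Should never need access to anything on /data
# The three subtracted types are the only data file types left outside this
# assertion; every exception added here widens what the HAL may be granted.
neverallow hal_configstore_server {
  data_file_type
  -anr_data_file # for crash dump collection
  -tombstone_data_file # for crash dump collection
  -zoneinfo_data_file # granted to domain
}:{ file fifo_file sock_file } *;

# Should never need sdcard access
# NOTE(review): only the file class is listed, so dir, lnk_file and other
# classes on these filesystems are not covered by this assertion.
neverallow hal_configstore_server { fuse sdcardfs vfat }:file *;

# Do not permit access to service_manager and vndservice_manager
# NOTE(review): the rule names only the service_manager class; presumably that
# class also covers vndservice_manager lookups - confirm.
neverallow hal_configstore_server *:service_manager *;

# No privileged capabilities
neverallow hal_configstore_server self:capability_class_set *;

# No ptracing other processes
neverallow hal_configstore_server *:process ptrace;

# no relabeling
neverallow hal_configstore_server *:dir_file_class_set { relabelfrom relabelto };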