Alex Klyubin | 75ca483 | 2017-04-17 13:08:44 -0700 | [diff] [blame] | 1 | # HwBinder IPC from client to server |
| 2 | binder_call(hal_configstore_client, hal_configstore_server) |
Alex Klyubin | 53656c1 | 2017-04-13 19:05:27 -0700 | [diff] [blame] | 3 | |
Steven Moreland | ac88cb6 | 2018-06-06 12:55:06 -0700 | [diff] [blame] | 4 | hal_attribute_hwservice(hal_configstore, hal_configstore_ISurfaceFlingerConfigs) |
Dan Cashman | 91d398d | 2017-09-26 12:58:29 -0700 | [diff] [blame] | 5 | |
| 6 | # hal_configstore runs with a strict seccomp filter. Use crash_dump's |
| 7 | # fallback path to collect crash data. |
| 8 | crash_dump_fallback(hal_configstore_server) |
| 9 | |
| 10 | ### |
| 11 | ### neverallow rules |
| 12 | ### |
| 13 | |
| 14 | # Should never execute an executable without a domain transition |
| 15 | neverallow hal_configstore_server { file_type fs_type }:file execute_no_trans; |
| 16 | |
| 17 | # Should never need network access. Disallow sockets except for |
| 18 | # unix stream/dgram sockets used for logging/debugging. |
| 19 | neverallow hal_configstore_server domain:{ |
| 20 | rawip_socket tcp_socket udp_socket |
| 21 | netlink_route_socket netlink_selinux_socket |
| 22 | socket netlink_socket packet_socket key_socket appletalk_socket |
| 23 | netlink_tcpdiag_socket netlink_nflog_socket |
| 24 | netlink_xfrm_socket netlink_audit_socket |
| 25 | netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket |
| 26 | netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket |
| 27 | netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket |
| 28 | netlink_rdma_socket netlink_crypto_socket |
| 29 | } *; |
| 30 | neverallow hal_configstore_server { |
| 31 | domain |
| 32 | -hal_configstore_server |
| 33 | -logd |
Pete Bentley | e6da3b8 | 2022-09-16 15:31:39 +0100 | [diff] [blame] | 34 | -prng_seeder |
Dan Cashman | 91d398d | 2017-09-26 12:58:29 -0700 | [diff] [blame] | 35 | userdebug_or_eng(`-su') |
| 36 | -tombstoned |
| 37 | }:{ unix_dgram_socket unix_stream_socket } *; |
| 38 | |
| 39 | # Should never need access to anything on /data |
| 40 | neverallow hal_configstore_server { |
| 41 | data_file_type |
| 42 | -anr_data_file # for crash dump collection |
| 43 | -tombstone_data_file # for crash dump collection |
Pirama Arumuga Nainar | ce9c0c5 | 2019-06-13 15:05:15 -0700 | [diff] [blame] | 44 | with_native_coverage(`-method_trace_data_file') |
Dan Cashman | 91d398d | 2017-09-26 12:58:29 -0700 | [diff] [blame] | 45 | }:{ file fifo_file sock_file } *; |
| 46 | |
| 47 | # Should never need sdcard access |
Jeff Sharkey | 000cafc | 2018-03-30 12:22:54 -0600 | [diff] [blame] | 48 | neverallow hal_configstore_server { |
| 49 | sdcard_type |
Alfred Piccioni | 30ae427 | 2023-01-17 18:22:34 +0100 | [diff] [blame] | 50 | fuse sdcardfs vfat exfat fuseblk # manual expansion for completeness |
Jeff Sharkey | 000cafc | 2018-03-30 12:22:54 -0600 | [diff] [blame] | 51 | }:dir ~getattr; |
| 52 | neverallow hal_configstore_server { |
| 53 | sdcard_type |
Alfred Piccioni | 30ae427 | 2023-01-17 18:22:34 +0100 | [diff] [blame] | 54 | fuse sdcardfs vfat exfat fuseblk # manual expansion for completeness |
Jeff Sharkey | 000cafc | 2018-03-30 12:22:54 -0600 | [diff] [blame] | 55 | }:file *; |
Dan Cashman | 91d398d | 2017-09-26 12:58:29 -0700 | [diff] [blame] | 56 | |
| 57 | # Do not permit access to service_manager and vndservice_manager |
| 58 | neverallow hal_configstore_server *:service_manager *; |
| 59 | |
| 60 | # No privileged capabilities |
| 61 | neverallow hal_configstore_server self:capability_class_set *; |
| 62 | |
| 63 | # No ptracing other processes |
| 64 | neverallow hal_configstore_server *:process ptrace; |
| 65 | |
| 66 | # No relabeling of files or directories |
| 67 | neverallow hal_configstore_server *:dir_file_class_set { relabelfrom relabelto }; |