Allow the shell user to run tzdatacheck

Allow the shell user to run tzdatacheck, which is required to enable a new host side test. This change also adds some additional checks to tzdatacheck.te to ensure that OEMs opening up permissions further don't accidentally create a security hole. Bug: 31008728 Test: Ran CTS Change-Id: I6ebfb467526b6b2ea08f891420eea24c81ed1e36
2017-02-24 19:03:58 +00:00 · 2017-02-24 19:03:58 +00:00 · 5684f61fe2
commit 5684f61fe2
parent 47061e5910
2 changed files with 13 additions and 0 deletions
--- a/public/shell.te
+++ b/public/shell.te
@ -46,6 +46,7 @@ allow shell input_device:chr_file rw_file_perms;
 r_dir_file(shell, system_file)
 allow shell system_file:file x_file_perms;
 allow shell toolbox_exec:file rx_file_perms;
+allow shell tzdatacheck_exec:file rx_file_perms;
 allow shell shell_exec:file rx_file_perms;
 allow shell zygote_exec:file rx_file_perms;

--- a/public/tzdatacheck.te
+++ b/public/tzdatacheck.te
@ -4,3 +4,15 @@ type tzdatacheck_exec, exec_type, file_type;

 allow tzdatacheck zoneinfo_data_file:dir create_dir_perms;
 allow tzdatacheck zoneinfo_data_file:file unlink;
+
+# Below are strong assertion that only init, system_server and tzdatacheck
+# can modify the /data time zone rules directories. This is to make it very
+# clear that only these domains should modify the actual time zone rules data.
+# The tzdatacheck binary itself may be executed by shell for tests but it must
+# not be able to modify the real rules.
+# If other users / binaries could modify time zone rules on device this might
+# have negative implications for users (who may get incorrect local times)
+# or break assumptions made / invalidate data held by the components actually
+# responsible for updating time zone rules.
+neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:file no_w_file_perms;
+neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:dir no_w_dir_perms;