init is a dynamic executable

init is now a dynamic executable. So it has to be able to execute the dynamic linker (/system/bin/linker) and shared libraries (e.g., /system/lib/libc.so). Furthermore, when in recovery mode, the files are all labeled as rootfs - because the recovery ramdisk does not support xattr, so files of type rootfs is allowed to be executed. Do the same for kernel and ueventd because they are executing the init executable. Bug: 63673171 Test: `adb reboot recovery; adb devices` shows the device ID Change-Id: Ic6225bb8e129a00771e1455e259ff28241b70396
2018-06-01 19:28:59 +09:00 · 2018-06-01 19:28:59 +09:00 · 90b21ee4b4
commit 90b21ee4b4
parent bacf36480d
3 changed files with 27 additions and 0 deletions
--- a/public/kernel.te
+++ b/public/kernel.te
@ -103,3 +103,18 @@ neverallow kernel *:file { entrypoint execute_no_trans };
 # Instead of adding dac_{read_search,override}, fix the unix permissions
 # on files being accessed.
 neverallow kernel self:global_capability_class_set { dac_override dac_read_search };
+
+# Allow the first-stage init (which is running in the kernel domain) to execute the
+# dynamic linker when it re-executes /init to switch into the second stage.
+# Until Linux 4.8, the program interpreter (dynamic linker in this case) is executed
+# before the domain is switched to the target domain. So, we need to allow the kernel
+# domain (the source domain) to execute the dynamic linker (system_file type).
+# TODO(b/110147943) remove these allow rules when we no longer need to support Linux
+# kernel older than 4.8.
+allow kernel system_file:file execute;
+# The label for the dynamic linker is rootfs in the recovery partition. This is because
+# the recovery partition which is rootfs does not support xattr and thus labeling can't be
+# done at build-time. All files are by default labeled as rootfs upon booting.
+recovery_only(`
+  allow kernel rootfs:file execute;
+')
--- a/public/ueventd.te
+++ b/public/ueventd.te
@ -39,6 +39,12 @@ allow ueventd self:process setfscreate;
 # Allow ueventd to read androidboot.android_dt_dir from kernel cmdline.
 allow ueventd proc_cmdline:file r_file_perms;

+# Everything is labeled as rootfs in recovery mode. ueventd has to execute
+# the dynamic linker and shared libraries.
+recovery_only(`
+  allow ueventd rootfs:file { r_file_perms execute };
+')
+
 #####
 ##### neverallow rules
 #####
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@ -155,6 +155,12 @@ allow vendor_init self:global_capability_class_set sys_admin;
 # Raw writes to misc block device
 allow vendor_init misc_block_device:blk_file w_file_perms;

+# Everything is labeled as rootfs in recovery mode. Vendor init has to execute
+# the dynamic linker and shared libraries.
+recovery_only(`
+  allow vendor_init rootfs:file { r_file_perms execute };
+')
+
 not_compatible_property(`
    set_prop(vendor_init, {
      property_type