PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
pwn-14
android_system_sepolicy/public/attributes
Michael Bestas 5602318691 Android 14.0.0 release 29 
-----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZeZW6AAKCRDorT+BmrEO
 eOnvAJ9whFqxFGOLl632MzxmJKAFRNJ7FwCfVk3Ziz3andwxduO/ytPdCOtvs8c=
 =9IvZ
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCgA1FiEEHrBYPudH862glXQBzJUERRm+ZmkFAmXrqAgXHG1rYmVzdGFz
 QGxpbmVhZ2Vvcy5vcmcACgkQzJUERRm+ZmlTsg/8CohqgcFJ5XRyTMIb4wcy2xzx
 53veV1iG8QwcufDg2bpStyIUUxZB/ZzAlUigwqFtHlBb1lvLhKhhOOcxO52NpRWY
 l6WrTMknd+WIuFa0uh9GbvO2twSwuQ2VrPvaco40bv56IgTbfxP3zyT8ya5vrnCf
 RTQ9tj7uPpBNfLCJmSd7w4F4qUrNijebiEGlM33baz9L3j+t4lsPaFtiFz2LErU+
 h3z70cyzan6DDpTKQ3k8Et1AFFcYdggTJq0AE1Kt3+kcbbVg6h3c20ta/5UrfQ4x
 LJ4klgfOiGp/ojEiepmeJ3z/rEFpJNOrd27sppAheGwWiKrGZuAtLd1vZ0bs3OMb
 1BwvLqFKsDZk7IVpCpZwsdTF34JfJmqCT1BP2J0BkeqNWhSRmUrmBUypoNXjgZns
 jTQ5f0waiDjaFxu/E8jAf2pKLgCNAYtIdt1SQXXm0kD0hvdYINcyxoDGvL+qua0J
 PAw2uTKNE2cOM+oFPBVlfqy/xnuCbyYaf2p8kyQ38iOifkWX7eK26UAV+yQukxfZ
 CTRy3GTHPRMocSENrnkgEdJ3mh7C9QcfZp6HaghKIKE2nqcyjGUaluYf0NrZDltN
 jwF4Va/9B3ywr3puf7LVMo2RxDYecpivKeuBODiXqggXWCuaSVpth5QKn0RKYF3p
 SEnsk1C2/LAZiFp2rHo=
 =oZu8
 -----END PGP SIGNATURE-----

Merge tag 'android-14.0.0_r29' into staging/lineage-21.0_merge-android-14.0.0_r29

Android 14.0.0 release 29

# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZeZW6AAKCRDorT+BmrEO
# eOnvAJ9whFqxFGOLl632MzxmJKAFRNJ7FwCfVk3Ziz3andwxduO/ytPdCOtvs8c=
# =9IvZ
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue Mar  5 01:19:04 2024 EET
# gpg:                using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [marginal]
# gpg: initial-contribution@android.com: Verified 2368 signatures in the past
#      2 years.  Encrypted 4 messages in the past 2 years.
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4340 D135 70EF 945E 8381  0964 E8AD 3F81 9AB1 0E78

# By Inseob Kim (51) and others
# Via Automerger Merge Worker (2967) and others
* tag 'android-14.0.0_r29': (380 commits)
  sepolicy: grant network_stack CAP_WAKE_ALARM
  Allow pm.archiving.enabled to be read by priv apps.
  Allow more AIDL Camera Provider versions
  Allow for server-side configuration of libstagefright
  Add bluetooth ranging hal
  SEPolicy: Add game sysprop read access for system_app
  Allow hal_codec2_server to read fifo_file from untrusted_app_all
  Revert "Remove implicit access for isolated_app"
  Add bluetooth finder service sepolicy
  Add system_boot_reason read access to priv_app
  Allow virtual camera to do binder calls to apps and vice versa.
  crash_dump: read bootstrap libs
  Allow isolated to read staged apks
  Allow for ISecretkeeper/default
  Allow virtual camera service to find permission_service
  Introduce vendor_apex_metadata_file
  Making sys.boot.reason.last restricted
  allow watchdog to dump servicemanager
  Fix dumpstate denials related to ot_daemon
  Add biometric face virtual hal service
  ...

 Conflicts:
	prebuilts/api/34.0/private/compat/33.0/33.0.ignore.cil
	private/compat/33.0/33.0.ignore.cil
	private/system_server.te

Change-Id: Ie7e5a7c8316b8b7dc9e3ab3606d7cd9623fd18ca
2024-03-09 02:06:30 +02:00

455 lines
15 KiB
Plaintext
Raw Permalink Blame History

######################################
# Attribute declarations
#
# All types used for devices.
# On change, update CHECK_FC_ASSERT_ATTRS
# in tools/checkfc.c
attribute dev_type;
# Attribute for all bpf filesystem subtypes.
attribute bpffs_type;
# All types used for processes.
attribute domain;
# All types used for filesystems.
# On change, update CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute fs_type;
# All types used for context= mounts.
attribute contextmount_type;
# All types referencing a FUSE filesystem.
# When mounting a new FUSE filesystem, the fscontext= option should be used to
# set a domain-specific type with this attribute. See app_fusefs for an
# example.
attribute fusefs_type;
# All types used for sdcard_posix context= mounts.
attribute sdcard_posix_contextmount_type;
# All types used for files that can exist on a labeled fs.
# Do not use for pseudo file types.
# On change, update CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute file_type;
# All types used for domain entry points.
attribute exec_type;
# All types used for /data files.
attribute data_file_type;
expandattribute data_file_type false;
# All types in /data, not in /data/vendor
attribute core_data_file_type;
expandattribute core_data_file_type false;
# All types used for app private data files in seapp_contexts.
# Such types should not be applied to any other files.
attribute app_data_file_type;
expandattribute app_data_file_type false;
# All types in /system
attribute system_file_type;
# All types in /system_dlkm
attribute system_dlkm_file_type;
# All types in /vendor
attribute vendor_file_type;
# All types used for procfs files.
attribute proc_type;
expandattribute proc_type false;
# Types in /proc/net, excluding qtaguid types.
# TODO(b/9496886) Lock down access to /proc/net.
# This attribute is used to audit access to proc_net. it is temporary and will
# be removed.
attribute proc_net_type;
expandattribute proc_net_type true;
# All types used for sysfs files.
attribute sysfs_type;
# All types use for debugfs files.
attribute debugfs_type;
# All types used for tracefs files.
attribute tracefs_type;
# Attribute used for all sdcards
attribute sdcard_type;
# All types used for nodes/hosts.
attribute node_type;
# All types used for network interfaces.
attribute netif_type;
# All types used for network ports.
attribute port_type;
# All types used for property service
# On change, update CHECK_PC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute property_type;
# All properties defined in core SELinux policy. Should not be
# used by device specific properties
attribute core_property_type;
# All properties used to configure log filtering.
attribute log_property_type;
# All properties that are not specific to device but are added from
# outside of AOSP. (e.g. OEM-specific properties)
# These properties are not accessible from device-specific domains
attribute extended_core_property_type;
# Properties used for representing ownership. All properties should have one
# of: system_property_type, product_property_type, or vendor_property_type.
# All properties defined by /system.
attribute system_property_type;
expandattribute system_property_type false;
# All /system-defined properties used only in /system.
attribute system_internal_property_type;
expandattribute system_internal_property_type false;
# All /system-defined properties which can't be written outside /system.
attribute system_restricted_property_type;
expandattribute system_restricted_property_type false;
# All /system-defined properties with no restrictions.
attribute system_public_property_type;
expandattribute system_public_property_type false;
# All keystore2_key labels.
attribute keystore2_key_type;
# All properties defined by /product.
# Currently there are no enforcements between /system and /product, so for now
# /product attributes are just replaced to /system attributes.
define(`product_property_type', `system_property_type')
define(`product_internal_property_type', `system_internal_property_type')
define(`product_restricted_property_type', `system_restricted_property_type')
define(`product_public_property_type', `system_public_property_type')
# All properties defined by /vendor.
attribute vendor_property_type;
expandattribute vendor_property_type false;
# All /vendor-defined properties used only in /vendor.
attribute vendor_internal_property_type;
expandattribute vendor_internal_property_type false;
# All /vendor-defined properties which can't be written outside /vendor.
attribute vendor_restricted_property_type;
expandattribute vendor_restricted_property_type false;
# All /vendor-defined properties with no restrictions.
attribute vendor_public_property_type;
expandattribute vendor_public_property_type false;
# All service_manager types created by system_server
attribute system_server_service;
# services which should be available to all but isolated apps
attribute app_api_service;
# services which should be available to all ephemeral apps
attribute ephemeral_app_api_service;
# services which export only system_api
attribute system_api_service;
# services which are explicitly disallowed for untrusted apps to access
attribute protected_service;
# All types used for services managed by servicemanager.
# On change, update CHECK_SC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute service_manager_type;
# All types used for services managed by hwservicemanager
attribute hwservice_manager_type;
# All HwBinder services guaranteed to be passthrough. These services always run
# in the process of their clients, and thus operate with the same access as
# their clients.
attribute same_process_hwservice;
# All HwBinder services guaranteed to be offered only by core domain components
attribute coredomain_hwservice;
# All HwBinder services that untrusted apps can't directly access
attribute protected_hwservice;
# All types used for services managed by vndservicemanager
attribute vndservice_manager_type;
# All services declared as part of an HAL
attribute hal_service_type;
# All domains that can override MLS restrictions.
# i.e. processes that can read up and write down.
attribute mlstrustedsubject;
# All types that can override MLS restrictions.
# i.e. files that can be read by lower and written by higher
attribute mlstrustedobject;
# All domains used for apps.
attribute appdomain;
# All third party apps (except isolated_app and ephemeral_app)
attribute untrusted_app_all;
# All apps with UID between AID_ISOLATED_START (99000) and AID_ISOLATED_END (99999).
attribute isolated_app_all;
# All service types that would be allowed for isolated_compute_app.
attribute isolated_compute_allowed_service;
# All device types that would be allowed for isolated_compute_app.
attribute isolated_compute_allowed_device;
# All domains used for apps with network access.
attribute netdomain;
# All domains used for apps with bluetooth access.
attribute bluetoothdomain;
# Specific domains that expose a binder service.
# Deprecated, consider granting the exact permissions required by your service.
attribute binderservicedomain;
# All domains which have BPF access.
attribute bpfdomain;
expandattribute bpfdomain false;
# update_engine related domains that need to apply an update and run
# postinstall. This includes the background daemon and the sideload tool from
# recovery for A/B devices.
attribute update_engine_common;
# All core domains (as opposed to vendor/device-specific domains)
attribute coredomain;
# All vendor hwservice.
attribute vendor_hwservice_type;
# All socket devices owned by core domain components
attribute coredomain_socket;
expandattribute coredomain_socket false;
# All vendor domains which violate the requirement of not using sockets for
# communicating with core components
# TODO(b/36577153): Remove this once there are no violations
attribute socket_between_core_and_vendor_violators;
expandattribute socket_between_core_and_vendor_violators false;
# All vendor domains which violate the requirement of not executing
# system processes
# TODO(b/36463595)
attribute vendor_executes_system_violators;
expandattribute vendor_executes_system_violators false;
# All domains which violate the requirement of not sharing files by path
# between between vendor and core domains.
# TODO(b/34980020)
attribute data_between_core_and_vendor_violators;
expandattribute data_between_core_and_vendor_violators false;
# All system domains which violate the requirement of not executing vendor
# binaries/libraries.
# TODO(b/62041836)
attribute system_executes_vendor_violators;
expandattribute system_executes_vendor_violators false;
# All system domains which violate the requirement of not writing vendor
# properties.
# TODO(b/78598545): Remove this once there are no violations
attribute system_writes_vendor_properties_violators;
expandattribute system_writes_vendor_properties_violators false;
# All system domains which violate the requirement of not writing to
# /mnt/vendor/*. Must not be used on devices launched with P or later.
attribute system_writes_mnt_vendor_violators;
expandattribute system_writes_mnt_vendor_violators false;
# hwservices that are accessible from untrusted applications
# WARNING: Use of this attribute should be avoided unless
# absolutely necessary. It is a temporary allowance to aid the
# transition to treble and will be removed in a future platform
# version, requiring all hwservices that are labeled with this
# attribute to be submitted to AOSP in order to maintain their
# app-visibility.
attribute untrusted_app_visible_hwservice_violators;
expandattribute untrusted_app_visible_hwservice_violators false;
# halserver domains that are accessible to untrusted applications. These
# domains are typically those hosting hwservices attributed by the
# untrusted_app_visible_hwservice_violators.
# WARNING: Use of this attribute should be avoided unless absolutely necessary.
# It is a temporary allowance to aid the transition to treble and will be
# removed in the future platform version, requiring all halserver domains that
# are labeled with this attribute to be submitted to AOSP in order to maintain
# their app-visibility.
attribute untrusted_app_visible_halserver_violators;
expandattribute untrusted_app_visible_halserver_violators false;
# PDX services
attribute pdx_endpoint_dir_type;
attribute pdx_endpoint_socket_type;
expandattribute pdx_endpoint_socket_type false;
attribute pdx_channel_socket_type;
expandattribute pdx_channel_socket_type false;
pdx_service_attributes(display_client)
pdx_service_attributes(display_manager)
pdx_service_attributes(display_screenshot)
pdx_service_attributes(display_vsync)
pdx_service_attributes(performance_client)
pdx_service_attributes(bufferhub_client)
# All HAL servers
attribute halserverdomain;
# All HAL clients
attribute halclientdomain;
expandattribute halclientdomain true;
# Exempt for halserverdomain to access sockets. Only builds for automotive
# device types are allowed to use this attribute (enforced by CTS).
# Unlike phone, in a car many modules are external from Android perspective and
# HALs should be able to communicate with those devices through sockets.
attribute hal_automotive_socket_exemption;
# HALs
hal_attribute(allocator);
hal_attribute(atrace);
hal_attribute(audio);
hal_attribute(audiocontrol);
hal_attribute(authgraph);
hal_attribute(authsecret);
hal_attribute(bluetooth);
hal_attribute(bootctl);
hal_attribute(broadcastradio);
hal_attribute(camera);
hal_attribute(can_bus);
hal_attribute(can_controller);
hal_attribute(cas);
hal_attribute(codec2);
hal_attribute(configstore);
hal_attribute(confirmationui);
hal_attribute(contexthub);
hal_attribute(drm);
hal_attribute(dumpstate);
hal_attribute(evs);
hal_attribute(face);
hal_attribute(fastboot);
hal_attribute(fingerprint);
hal_attribute(gatekeeper);
hal_attribute(gnss);
hal_attribute(graphics_allocator);
hal_attribute(graphics_composer);
hal_attribute(health);
hal_attribute(health_storage);
hal_attribute(identity);
hal_attribute(input_classifier);
hal_attribute(input_processor);
hal_attribute(ir);
hal_attribute(ivn);
hal_attribute(keymaster);
hal_attribute(keymint);
hal_attribute(light);
hal_attribute(lowpan);
hal_attribute(macsec);
hal_attribute(memtrack);
hal_attribute(neuralnetworks);
hal_attribute(nfc);
hal_attribute(nlinterceptor);
hal_attribute(oemlock);
hal_attribute(omx);
hal_attribute(power);
hal_attribute(power_stats);
hal_attribute(rebootescrow);
hal_attribute(remoteaccess);
hal_attribute(secretkeeper);
hal_attribute(remotelyprovisionedcomponent_avf);
hal_attribute(secure_element);
hal_attribute(sensors);
hal_attribute(telephony);
hal_attribute(tetheroffload);
hal_attribute(thermal);
hal_attribute(threadnetwork);
hal_attribute(tv_cec);
hal_attribute(tv_hdmi_cec);
hal_attribute(tv_hdmi_connection);
hal_attribute(tv_hdmi_earc);
hal_attribute(tv_input);
hal_attribute(tv_tuner);
hal_attribute(usb);
hal_attribute(usb_gadget);
hal_attribute(uwb);
# TODO(b/196225233): Remove this attribute and its usages elsewhere
# once all chip vendors integrate to the new UWB stack.
hal_attribute(uwb_vendor);
hal_attribute(vehicle);
hal_attribute(vibrator);
hal_attribute(vr);
hal_attribute(weaver);
hal_attribute(wifi);
hal_attribute(wifi_hostapd);
hal_attribute(wifi_supplicant);
# HwBinder services offered across the core-vendor boundary
#
# We annotate server domains with x_server to loosen the coupling between
# system and vendor images. For example, it should be possible to move a service
# from one core domain to another, without having to update the vendor image
# which contains clients of this service.
attribute automotive_display_service_server;
attribute camera_service_server;
attribute display_service_server;
attribute evsmanager_service_server;
attribute remote_provisioning_service_server;
attribute scheduler_service_server;
attribute sensor_service_server;
attribute stats_service_server;
attribute system_suspend_internal_server;
attribute system_suspend_server;
attribute wifi_keystore_service_server;
# All types used for super partition block devices.
attribute super_block_device_type;
# All types used for DMA-BUF heaps
attribute dmabuf_heap_device_type;
expandattribute dmabuf_heap_device_type false;
# Types for VM managers
attribute vm_manager_device_type;
# All types used for DSU metadata files.
attribute gsi_metadata_file_type;
# Types used for module-specific APEX data directories under
# /data/{misc,misc_ce,misc_de}/apexdata.
attribute apex_data_file_type;
# Domains used for charger.
# This is the common type for domains that executes charger's
# functionalities, including setting and getting necessary properties,
# permissions to maintain the health loop, writing to kernel log, handling
# inputs and drawing screens, etc.
attribute charger_type;
# All types of ART properties.
attribute dalvik_config_prop_type;
Reference in New Issue View Git Blame Copy Permalink