Stephen Smalley avatar Stephen Smalley committed b98b5f9

Update for changes to binder security checking.


Files changed (7)

 	call
 	set_context_mgr
 	transfer
-	receive
 }
 
 class zygote
 binder_use(appdomain)
 # Perform binder IPC to binder services.
 binder_call(appdomain, binderservicedomain)
-binder_transfer(appdomain, binderservicedomain)
 # Perform binder IPC to other apps.
 binder_call(appdomain, appdomain)
-binder_transfer(appdomain, appdomain)
 
 # Appdomain interaction with isolated apps
 r_dir_file(appdomain, isolated_app)
 binder_use(mediaserver)
 binder_call(mediaserver, binderservicedomain)
 binder_call(mediaserver, appdomain)
-binder_transfer(mediaserver, surfaceflinger)
 binder_service(mediaserver)
 allow mediaserver app_data_file:dir search;
 allow mediaserver app_data_file:file r_file_perms;

servicemanager.te

 # created by other domains.  It never passes its own references
 # or initiates a Binder IPC.
 allow servicemanager self:binder set_context_mgr;
-allow servicemanager domain:binder { receive transfer };
+allow servicemanager domain:binder transfer;
 
 # Perform binder IPC to any app domain.
 binder_call(system_app, appdomain)
-binder_transfer(system_app, appdomain)
 
 # Read and write system data files.
 # May want to split into separate types.
 binder_call(system, binderservicedomain)
 binder_call(system, appdomain)
 binder_service(system)
-# Transfer other Binder references.
-binder_transfer(system, binderservicedomain)
-binder_transfer(system, appdomain)
 
 # Read /proc/pid files for Binder clients.
 r_dir_file(system, appdomain)
 define(`binder_use', `
 # Get Binder references from the servicemanager.
 allow $1 servicemanager:binder call;
-# Transfer and receive own Binder references.
-allow $1 self:binder { transfer receive };
 # Map /dev/ashmem with PROT_EXEC.
 allow $1 ashmem_device:chr_file execute;
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 # binder_call(clientdomain, serverdomain)
 # Allow clientdomain to perform binder IPC to serverdomain.
 define(`binder_call', `
-# First we receive a Binder ref to the server, then we call it.
-allow $1 $2:binder { receive call };
+# Call the server domain and optionally transfer references to it.
+allow $1 $2:binder { call transfer };
 # Receive and use open files from the server.
 allow $1 $2:fd use;
 ')
 
 #####################################
-# binder_transfer(clientdomain, serverdomain)
-# Allow clientdomain to transfer Binder references created by serverdomain.
-define(`binder_transfer', `
-allow $1 $2:binder transfer;
-')
-
-#####################################
 # binder_service(domain)
 # Mark a domain as being a Binder service domain.
 # Used to allow binder IPC to the various system services.
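Review bot: The new `allow $1 $2:binder { call transfer };` in binder_call grants transfer to every user of the macro unconditionally, while the comment above it says references are transferred "optionally"; the permission is not optional, so every existing binder_call pair widens. In this commit that includes pairs that previously had call but no binder_transfer, for example binder_call(mediaserver, binderservicedomain) in the mediaserver hunk, which before this change only had binder_transfer(mediaserver, surfaceflinger). If that widening is intended, the macro comment should say so plainly, e.g. `# Grants call and transfer together: any client allowed to call the server may also pass it Binder references.`; if not, keep a separate macro for transfer instead of folding it into binder_call. The following hunk removes the binder_transfer macro entirely, so any policy outside the files shown here that still invokes it will no longer expand, which this page cannot confirm is fully covered.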
 allow unconfineddomain port_type:socket_class_set name_bind;
 allow unconfineddomain port_type:{ tcp_socket dccp_socket } name_connect;
 allow unconfineddomain domain:peer recv;
-allow unconfineddomain domain:binder { call transfer receive };
+allow unconfineddomain domain:binder { call transfer };
 allow unconfineddomain property_type:property_service set;