> -----Original Message-----
> From: Stephen Smalley [mailto:[email protected]]
> Sent: Friday, January 8, 2016 9:19 AM
> To: Roberts, William C <[email protected]>; 'seandroid-[email protected]' <[email protected]>
> Subject: Re: Killing camera_device and/or strengthening neverallow app video_device
>
> On 01/07/2016 04:17 PM, Roberts, William C wrote:
> > I'm proposing two items:
> > 1. Adding a neverallow on appdomain to video_device
> > 2. Killing camera_device
> >
> > Where item 2 is a dependency of item 1, but item 1 can stand alone.
> >
> > Camera device:
> > Looking at this, it appears that it would open up a device off limits to surfaceflinger in the base policy currently.
> >
> > external/sepolicy$ grep -rn camera_device *
> > app.te:243: camera_device
> > device.te:9:type camera_device, dev_type;
> > file_contexts:63:/dev/cam u:object_r:camera_device:s0
> > mediaserver.te:51:allow mediaserver camera_device:chr_file rw_file_perms;
> >
> > external/sepolicy$ grep -rn video_device *
> > device.te:41:type video_device, dev_type;
> > file_contexts:92:/dev/nvhdcp1 u:object_r:video_device:s0
> > file_contexts:125:/dev/tegra.* u:object_r:video_device:s0
> > file_contexts:137:/dev/video[0-9]* u:object_r:video_device:s0
> > mediaserver.te:27:allow mediaserver video_device:dir r_dir_perms;
> > mediaserver.te:28:allow mediaserver video_device:chr_file rw_file_perms;
> > surfaceflinger.te:30:allow surfaceflinger video_device:dir r_dir_perms;
> > surfaceflinger.te:31:allow surfaceflinger video_device:chr_file rw_file_perms;
> > system_server.te:172:allow system_server video_device:dir r_dir_perms;
> > system_server.te:173:allow system_server video_device:chr_file rw_file_perms;
> >
> > This could also simplify policy for:
> > ./lge/hammerhead/sepolicy/file_contexts:76:/dev/video([0-9])+ u:object_r:camera_device:s0
> > ./asus/flo/sepolicy/file_contexts:78:/dev/video([0-9])+ u:object_r:camera_device:s0
> >
> > Also, I noticed that Angler is doing some weird override:
> > ./huawei/angler/sepolicy/file_contexts:32:/dev/video([0-9])+ u:object_r:video_device:s0
> >
> > I don't know what they intended since file_contexts in base policy covers that.
> >
> >
> > Appdomain neverallow on video_device:
> > Additionally, there is a neverallow in app.te restricting application access to the camera_device, this could be changed to video_device. I am not super familiar with how video devices should be brought up for image processing, etc within the Android system, but it appears that mediaserver would be the right spot: https://source.android.com/devices.
>
> SGTM. If it needs to be staged, you could put a change that switches type camera_device in external/sepolicy to a typealias of video_device while rewriting all references in external/sepolicy to video_device, then later drop the typealias once all device policies have been updated.

That seems reasonable to me.
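The staged migration suggested in the quoted reply, sketched as an added example that is not part of the original thread or of the AOSP tree: stage 1 turns camera_device into a typealias of video_device and rewrites base-policy references, and the typealias can only be dropped once no device tree still uses the old name. The sample lines are constructed from the grep output quoted above; the function names and the dict layout are assumptions made for illustration.

```python
import re

OLD, NEW = "camera_device", "video_device"

# Constructed sample modelled on the grep output quoted in the thread.
BASE_POLICY = {
    "device.te": ["type camera_device, dev_type;", "type video_device, dev_type;"],
    "mediaserver.te": [
        "allow mediaserver video_device:chr_file rw_file_perms;",
        "allow mediaserver camera_device:chr_file rw_file_perms;",
    ],
    "file_contexts": [
        "/dev/cam u:object_r:camera_device:s0",
        "/dev/video[0-9]* u:object_r:video_device:s0",
    ],
}
DEVICE_POLICY = {  # per-device file_contexts entries (constructed)
    "lge/hammerhead": ["/dev/video([0-9])+ u:object_r:camera_device:s0"],
    "asus/flo": ["/dev/video([0-9])+ u:object_r:camera_device:s0"],
    "huawei/angler": ["/dev/video([0-9])+ u:object_r:video_device:s0"],
}

def stage1_rewrite(policy, old=OLD, new=NEW):
    """Stage 1: keep `old` valid as an alias of `new`, rewrite all other references."""
    decl_old = re.compile(rf"^type\s+{re.escape(old)}\b.*;$")
    decl_new = re.compile(rf"^type\s+{re.escape(new)}\b.*;$")
    ref = re.compile(rf"\b{re.escape(old)}\b")
    out = {}
    for name, lines in policy.items():
        kept = []
        for line in lines:
            if decl_old.match(line):
                continue  # replaced by the typealias emitted below
            emitted = [ref.sub(new, line)]
            if decl_new.match(line):
                # Alias goes right after the declaration of its target type.
                emitted.append(f"typealias {new} alias {old};")
            # Merging two types can leave identical rules; keep the first only.
            kept.extend(e for e in emitted if e not in kept)
        out[name] = kept
    return out

def blocking_device_trees(device_policy, old=OLD):
    """Device trees still naming `old`; the typealias stays until this is empty."""
    ref = re.compile(rf"\b{re.escape(old)}\b")
    return sorted(t for t, ls in device_policy.items() if any(ref.search(l) for l in ls))
```
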
