From 77e8a627706849ed188b2c14e888cc821c0e1a8c Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti
Date: Fri, 7 Jul 2017 15:52:08 +0900
Subject: [PATCH] Device SELinux policy for secure persistent netd storage
This is used to persist RFC 7217 stable secrets across device reboots. For now this is device-specific; in future releases it will be moved to public sepolicy.
Bug: 17613910
Test: stable_secret is generated on first use and persists across reboots
Test: "adb shell getprop persist.netd.stable_secret" doesn't work after "adb unroot"
Change-Id: I0a609c724799a15b1926e62534c16810d34f2275
---
 sepolicy/private/netd.te | 10 ++++++++++
 sepolicy/private/property.te | 2 ++
 sepolicy/private/property_contexts | 2 ++
 3 files changed, 14 insertions(+)
 create mode 100644 sepolicy/private/netd.te
 create mode 100644 sepolicy/private/property.te
 create mode 100644 sepolicy/private/property_contexts
diff --git a/sepolicy/private/netd.te b/sepolicy/private/netd.te
new file mode 100644
index 000000000..f5ebe20cd
--- /dev/null
+++ b/sepolicy/private/netd.te
@@ -0,0 +1,10 @@
+# TODO: delete this once it's in common sepolicy.
+set_prop(netd, netd_stable_secret_prop)
+
+# persist.netd.stable_secret contains RFC 7217 secret key which should never be
+# leaked to other processes. Make sure it never leaks.
+neverallow { domain -netd -init } netd_stable_secret_prop:file r_file_perms;
+
+# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
+# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
+neverallow { domain -netd -init } netd_stable_secret_prop:property_service set;
diff --git a/sepolicy/private/property.te b/sepolicy/private/property.te
new file mode 100644
index 000000000..a9519ecd4
--- /dev/null
+++ b/sepolicy/private/property.te
@@ -0,0 +1,2 @@
+# TODO: delete this once it's in common sepolicy.
+type netd_stable_secret_prop, property_type;
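Review bot: Both neverallow rules in netd.te carve `init` out of the excluded set without saying why, so the file reads as if init were an oversight rather than the domain that hosts property_service and owns the backing store. A one-line comment on the first neverallow would make the real trust boundary explicit: `# init is excluded because property_service (init) owns the property area and restores persistent properties, so the secret is readable by netd and init only.` As far as I can tell the `file r_file_perms` rule is also the one the commit's "adb unroot" test exercises, since unprivileged readers go through the mapped property area rather than property_service; stating that in the same comment would stop a later reader from dropping the file-class rule as redundant with the `property_service set` rule.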
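Review bot: The new `type netd_stable_secret_prop, property_type;` declaration in property.te does not say which property it labels, so property.te on its own gives no hint that this type carries a secret and has neverallow rules attached in another file. Suggest replacing the bare TODO with `# TODO: delete this once it's in common sepolicy.` followed by `# Labels persist.netd.stable_secret (RFC 7217 stable secret); see property_contexts and the neverallow rules in netd.te.` Since the commit message says this will move to public sepolicy, the comment would also tell whoever does that move which rules have to travel with the type.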
diff --git a/sepolicy/private/property_contexts b/sepolicy/private/property_contexts
new file mode 100644
index 000000000..901beedcd
--- /dev/null
+++ b/sepolicy/private/property_contexts
@@ -0,0 +1,2 @@
+# TODO: delete this once it's in common sepolicy.
+persist.netd.stable_secret u:object_r:netd_stable_secret_prop:s0
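Review bot: The confidentiality of the secret rests on this single property_contexts line: if the entry were missing or misspelled, the property would receive whatever default context the surrounding property_contexts assigns, the two neverallow rules in netd.te would not apply to it, and netd's `set_prop` grant would not cover it either. The TODO comment says nothing about that coupling, so a second comment line, `# Must stay in sync with the netd_stable_secret_prop neverallow rules in netd.te.`, would help whoever later moves or deletes this entry. If I recall correctly property_contexts entries match by name prefix in this release, so any longer property name beginning with persist.netd.stable_secret would also receive this label; that is harmless here but worth stating so it is not mistaken for an exact match.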