1 /*
2  * Copyright (C) 2024 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "host/commands/process_sandboxer/policies.h"
18 
19 #include <syscall.h>
20 
21 #include <sandboxed_api/sandbox2/policybuilder.h>
22 
23 namespace cuttlefish::process_sandboxer {
24 
// Builds the sandbox2 policy for the `secure_env` host tool: the shared
// baseline policy plus the mounts and extra syscalls that secure_env needs.
//
// `host` supplies the runtime/log directories, the config path and the host
// tool locations; the returned builder is finalized by the caller.
sandbox2::PolicyBuilder SecureEnvPolicy(const HostInfo& host) {
  const std::string secure_env_exe = host.HostToolExe("secure_env");
  sandbox2::PolicyBuilder builder = BaselinePolicy(host, secure_env_exe);

  // Filesystem view. ms-tpm-20-ref persists its NVChip state in the runtime
  // directory, so that directory (like the log directory) must be writable.
  // The config file and the binary itself are exposed read-only.
  builder.AddDirectory(host.runtime_dir, /* is_ro= */ false)
      .AddDirectory(host.log_dir, /* is_ro= */ false)
      .AddFile(host.cuttlefish_config_path)
      .AddFile(secure_env_exe);  // to exec itself

  // Syscall families provided as PolicyBuilder groups.
  builder.AllowDup()
      .AllowFork()    // Something is using clone; the caller is not identified
      .AllowGetIDs()  // For getuid
      .AllowSafeFcntl()
      .AllowSelect();

  // Individual syscalls that no group above covers.
  // NOTE(review): seccomp filters only see the syscall number and raw argument
  // values, so `__NR_execve` here admits any binary reachable inside the
  // sandbox mounts, not just secure_env; the comment describes the intent,
  // not an enforced restriction — confirm against sandbox2's own handling of
  // the initial exec before relying on it.
  builder.AllowSyscall(__NR_accept)
      .AllowSyscall(__NR_execve)  // to exec itself
      // Something is using arguments not allowed by AllowGetRandom()
      .AllowSyscall(__NR_getrandom)
      .AllowSyscall(__NR_madvise)
      // statx not covered by AllowStat()
      .AllowSyscall(__NR_statx)
      .AllowSyscall(__NR_socketpair)
      .AllowSyscall(__NR_tgkill);

  // Remaining groups; unlink is needed for keymint_secure_deletion_data.
  builder.AllowUnlink()
      .AllowTCGETS()
      .AllowTime();

  return builder;
}
51 
52 }  // namespace cuttlefish::process_sandboxer
53