Google Git
Sign in
android / device / google / marlin / 6276506^! / .
commit62765066a57ed98e10823e91913a340888f2fa55[log] [tgz]
authorAlex Klyubin <klyubin@google.com>Wed Dec 28 14:59:53 2016 -0800
committerAlex Klyubin <klyubin@google.com>Thu Dec 29 09:51:55 2016 -0800
tree60c01a99827c8e29324c8fcb142862444caafeff
parentf718d4646a28088c9ed9bd52dc00bac703abc55f [diff]
Restrict access to camera sensor's serial number

Camera sensor's serial number, stored in system property
htc.camera.sensor.front_SN, appears to change between different
devices and could thus facilitate tracking. This commit restricts
access to this system property to cameraserver and dumpstate and
shell SELinux domains.

Test: Camera works, serial number property still available via ADB, but not readable by apps.
Bug: 33700679
Change-Id: I6ad2a3aff517fe7cb9c25c3699f9852813191c28

diff --git a/sepolicy/cameraserver.te b/sepolicy/cameraserver.te
index 93c1d4b..63a47c6 100644
--- a/sepolicy/cameraserver.te
+++ b/sepolicy/cameraserver.te

@@ -15,6 +15,7 @@
 allow cameraserver input_device:chr_file r_file_perms;
 
 set_prop(cameraserver, camera_prop)
+set_prop(cameraserver, camera_serialno_prop)
 
 allow cameraserver sysfs_enable_ps_sensor:file w_file_perms;
 r_dir_file(cameraserver, sysfs_type)

diff --git a/sepolicy/domain.te b/sepolicy/domain.te
index 4aa0dbe..935f0ea 100644
--- a/sepolicy/domain.te
+++ b/sepolicy/domain.te

@@ -1,3 +1,13 @@
 get_prop(domain, camera_prop)
 
 dontaudit domain self:capability sys_module;
+
+# Do not allow access to the serial number of the camera's sensor except for a
+# few whitelisted domains.
+neverallow {
+  domain
+  -dumpstate
+  -cameraserver
+  -init
+  -shell
+} camera_serialno_prop:file r_file_perms;

diff --git a/sepolicy/property.te b/sepolicy/property.te
index 612b860..11f27ae 100644
--- a/sepolicy/property.te
+++ b/sepolicy/property.te

@@ -1,4 +1,5 @@
 type camera_prop, property_type;
+type camera_serialno_prop, property_type;
 type sensors_prop, property_type;
 type wc_prop, property_type;
 type hw_sku_prop, property_type;

diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
index 77515e1..0d741af 100644
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts

@@ -1,4 +1,5 @@
 persist.camera.            u:object_r:camera_prop:s0
+htc.camera.sensor.front_SN u:object_r:camera_serialno_prop:s0
 htc.camera.                u:object_r:camera_prop:s0
 sensors.                   u:object_r:sensors_prop:s0
 wc_transport.              u:object_r:wc_prop:s0

diff --git a/sepolicy/shell.te b/sepolicy/shell.te
new file mode 100644
index 0000000..7233c2b
--- /dev/null
+++ b/sepolicy/shell.te

@@ -0,0 +1 @@
+get_prop(shell, camera_serialno_prop)