platform_system_sepolicy/public/apexd.te

# apexd -- manager for APEX packages
type apexd, domain;
type apexd_exec, exec_type, file_type, system_file_type;

binder_use(apexd)
add_service(apexd, apex_service)
set_prop(apexd, apexd_prop)

neverallow { domain -init -apexd -system_server } apex_service:service_manager find;
neverallow { domain -init -apexd -system_server } apexd:binder call;

neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;

# only apexd can set apexd sysprop
neverallow { domain -apexd -init } apexd_prop:property_service set;
Add policy for apexd. apexd is a new daemon for managing APEX packages installed on the device. It hosts a single binder service, "apexservice". Bug: 112455435 Test: builds, binder service can be registered, apexes can be accessed, verified and mounted Change-Id: I634ad100f10b2edcd9a9c0df0d33896fa5d4ed97 2018-08-17 09:35:42 +02:00			`# apexd -- manager for APEX packages`
			`type apexd, domain;`
			`type apexd_exec, exec_type, file_type, system_file_type;`

			`binder_use(apexd)`
			`add_service(apexd, apex_service)`
apexd exports its status via sysprop A sysprop apexd.status is set by apexd, to that other components (i.e. init) can determine whether APEXs are all successfully mounted or no (i.e., being mounted). The sysprop is only writable by apexd. Bug: 117403679 Test: adb shell getprop apexd.status returns 'ready'. Change-Id: I81bcb96e6c5cb9d899f29ffa84f91eab3820be25 2018-11-01 12:05:20 +01:00			`set_prop(apexd, apexd_prop)`
Add policy for apexd. apexd is a new daemon for managing APEX packages installed on the device. It hosts a single binder service, "apexservice". Bug: 112455435 Test: builds, binder service can be registered, apexes can be accessed, verified and mounted Change-Id: I634ad100f10b2edcd9a9c0df0d33896fa5d4ed97 2018-08-17 09:35:42 +02:00
Allow PackageManager to communicate to apexd. This is used for querying the installed packages, as well as coordinating the installations of packages. Test: ran an app that queries PM, that queries apexd. Bug: 117589375 Change-Id: I38203ffe6d0d312d6cc38e131a29c14ace0ba10c 2018-10-18 13:50:06 +02:00			`neverallow { domain -init -apexd -system_server } apex_service:service_manager find;`
			`neverallow { domain -init -apexd -system_server } apexd:binder call;`
Add policy for apexd. apexd is a new daemon for managing APEX packages installed on the device. It hosts a single binder service, "apexservice". Bug: 112455435 Test: builds, binder service can be registered, apexes can be accessed, verified and mounted Change-Id: I634ad100f10b2edcd9a9c0df0d33896fa5d4ed97 2018-08-17 09:35:42 +02:00
Sepolicy: Allow crash_dump to ptrace apexd in userdebug In userdebug, for better diagnostics, allow crash_dump to "connect to" apexd. Considering apexd is quite powerful, user devices remain restricted. Bug: 118771487 Test: m Change-Id: Id42bd2ad7505cd5578138bfccd8840acba9a334d 2019-03-05 17:36:36 +01:00			neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;
apexd exports its status via sysprop A sysprop apexd.status is set by apexd, to that other components (i.e. init) can determine whether APEXs are all successfully mounted or no (i.e., being mounted). The sysprop is only writable by apexd. Bug: 117403679 Test: adb shell getprop apexd.status returns 'ready'. Change-Id: I81bcb96e6c5cb9d899f29ffa84f91eab3820be25 2018-11-01 12:05:20 +01:00
			`# only apexd can set apexd sysprop`
			`neverallow { domain -apexd -init } apexd_prop:property_service set;`