platform_system_sepolicy/system_app.te

#
# Apps that run with the system UID, e.g. com.android.system.ui,
# com.android.settings.  These are not as privileged as the system
# server.
#
type system_app, domain;
permissive system_app;
app_domain(system_app)

# Perform binder IPC to any app domain.
binder_call(system_app, appdomain)

# Read and write system data files.
# May want to split into separate types.
allow system_app system_data_file:dir create_dir_perms;
allow system_app system_data_file:file create_file_perms;

# Read wallpaper file.
allow system_app wallpaper_file:file r_file_perms;

# Write to dalvikcache.
allow system_app dalvikcache_data_file:file { write setattr };

# Talk to keystore.
unix_socket_connect(system_app, keystore, keystore)

# Read SELinux enforcing status.
selinux_getenforce(system_app)

# Settings app reads sdcard for storage stats
allow system_app sdcard_type:dir r_dir_perms;

# Allow settings app to read from asec
allow system_app asec_apk_file:dir search;
allow system_app asec_apk_file:file r_file_perms;
Split system_app from system. system_app is for apps that run in the system UID, e.g. Settings. system is for the system_server. Split them into separate files and note their purpose in the comment header of each file. Change-Id: I19369abc728ba2159fd50ae6b230828857e19f10 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-09-11 17:37:46 +02:00			`#`
			`# Apps that run with the system UID, e.g. com.android.system.ui,`
			`# com.android.settings. These are not as privileged as the system`
			`# server.`
			`#`
			`type system_app, domain;`
Confine all app domains, but make them permissive for now. As has already been done for untrusted_app, isolated_app, and bluetooth, make all the other domains used for app processes confined while making them permissive until sufficient testing has been done. Change-Id: If55fe7af196636c49d10fc18be2f44669e2626c5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-10-23 19:12:55 +02:00			`permissive system_app;`
Split system_app from system. system_app is for apps that run in the system UID, e.g. Settings. system is for the system_server. Split them into separate files and note their purpose in the comment header of each file. Change-Id: I19369abc728ba2159fd50ae6b230828857e19f10 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-09-11 17:37:46 +02:00			`app_domain(system_app)`
Confine all app domains, but make them permissive for now. As has already been done for untrusted_app, isolated_app, and bluetooth, make all the other domains used for app processes confined while making them permissive until sufficient testing has been done. Change-Id: If55fe7af196636c49d10fc18be2f44669e2626c5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-10-23 19:12:55 +02:00
			`# Perform binder IPC to any app domain.`
			`binder_call(system_app, appdomain)`

			`# Read and write system data files.`
			`# May want to split into separate types.`
			`allow system_app system_data_file:dir create_dir_perms;`
			`allow system_app system_data_file:file create_file_perms;`

			`# Read wallpaper file.`
			`allow system_app wallpaper_file:file r_file_perms;`

			`# Write to dalvikcache.`
			`allow system_app dalvikcache_data_file:file { write setattr };`

			`# Talk to keystore.`
			`unix_socket_connect(system_app, keystore, keystore)`

			`# Read SELinux enforcing status.`
			`selinux_getenforce(system_app)`

			`# Settings app reads sdcard for storage stats`
			`allow system_app sdcard_type:dir r_dir_perms;`

			`# Allow settings app to read from asec`
			`allow system_app asec_apk_file:dir search;`
			`allow system_app asec_apk_file:file r_file_perms;`