platform_system_sepolicy/platform_app.te

###
### Apps signed with the platform key.
###

type platform_app, domain;
permissive platform_app;
app_domain(platform_app)
platform_app_domain(platform_app)
# Access the network.
net_domain(platform_app)
# Access bluetooth.
bluetooth_domain(platform_app)
# Write to /cache.
allow platform_app cache_file:dir rw_dir_perms;
allow platform_app cache_file:file create_file_perms;
# Read from /data/local.
allow platform_app shell_data_file:dir search;
allow platform_app shell_data_file:file { open getattr read };
allow platform_app shell_data_file:lnk_file read;
# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
# created by system server.
allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
allow platform_app apk_private_data_file:dir search;
# ASEC
allow platform_app asec_apk_file:dir create_dir_perms;
allow platform_app asec_apk_file:file create_file_perms;
# Access download files.
allow platform_app download_file:file rw_file_perms;
# Allow BackupManagerService to backup all app domains
allow platform_app appdomain:fifo_file write;

#
# Rules for all platform app domains.
#

# App sandbox file accesses.
allow platformappdomain platform_app_data_file:dir create_dir_perms;
allow platformappdomain platform_app_data_file:notdevfile_class_set create_file_perms;
# App sdcard file accesses
allow platformappdomain sdcard_type:dir create_dir_perms;
allow platformappdomain sdcard_type:file create_file_perms;
Move *_app into their own file app.te covers a lot of different apps types (platform_app, media_app, shared_app, release_app, isolated_app, and untrusted_app), all of which are going to have slightly different security policies. Separate the different domains from app.te. Over time, these files are likely to grow substantially, and mixing different domain types is a recipe for confusion and mistakes. No functional change. Change-Id: Ida4e77fadb510f5993eb2d32f2f7649227edff4f 2013-07-13 01:33:29 +02:00			`###`
			`### Apps signed with the platform key.`
			`###`

			`type platform_app, domain;`
Confine all app domains, but make them permissive for now. As has already been done for untrusted_app, isolated_app, and bluetooth, make all the other domains used for app processes confined while making them permissive until sufficient testing has been done. Change-Id: If55fe7af196636c49d10fc18be2f44669e2626c5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-10-23 19:12:55 +02:00			`permissive platform_app;`
Move *_app into their own file app.te covers a lot of different apps types (platform_app, media_app, shared_app, release_app, isolated_app, and untrusted_app), all of which are going to have slightly different security policies. Separate the different domains from app.te. Over time, these files are likely to grow substantially, and mixing different domain types is a recipe for confusion and mistakes. No functional change. Change-Id: Ida4e77fadb510f5993eb2d32f2f7649227edff4f 2013-07-13 01:33:29 +02:00			`app_domain(platform_app)`
			`platform_app_domain(platform_app)`
			`# Access the network.`
			`net_domain(platform_app)`
			`# Access bluetooth.`
			`bluetooth_domain(platform_app)`
Confine all app domains, but make them permissive for now. As has already been done for untrusted_app, isolated_app, and bluetooth, make all the other domains used for app processes confined while making them permissive until sufficient testing has been done. Change-Id: If55fe7af196636c49d10fc18be2f44669e2626c5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-10-23 19:12:55 +02:00			`# Write to /cache.`
			`allow platform_app cache_file:dir rw_dir_perms;`
			`allow platform_app cache_file:file create_file_perms;`
			`# Read from /data/local.`
			`allow platform_app shell_data_file:dir search;`
			`allow platform_app shell_data_file:file { open getattr read };`
			`allow platform_app shell_data_file:lnk_file read;`
			`# Populate /data/app/vmdl.tmp, /data/app-private/vmdl.tmp files`
			`# created by system server.`
			`allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;`
			`allow platform_app apk_private_data_file:dir search;`
			`# ASEC`
			`allow platform_app asec_apk_file:dir create_dir_perms;`
			`allow platform_app asec_apk_file:file create_file_perms;`
			`# Access download files.`
			`allow platform_app download_file:file rw_file_perms;`
			`# Allow BackupManagerService to backup all app domains`
			`allow platform_app appdomain:fifo_file write;`

			`#`
			`# Rules for all platform app domains.`
			`#`

			`# App sandbox file accesses.`
			`allow platformappdomain platform_app_data_file:dir create_dir_perms;`
			`allow platformappdomain platform_app_data_file:notdevfile_class_set create_file_perms;`
			`# App sdcard file accesses`
			`allow platformappdomain sdcard_type:dir create_dir_perms;`
			`allow platformappdomain sdcard_type:file create_file_perms;`