2017-02-13 22:33:27 +01:00
|
|
|
###
|
|
|
|
### Untrusted_app_25
|
|
|
|
###
|
|
|
|
### This file defines the rules for untrusted apps running with
|
|
|
|
### targetSdkVersion <= 25.
|
|
|
|
###
|
2020-01-20 10:14:48 +01:00
|
|
|
### See public/untrusted_app.te for more information about which apps are
|
|
|
|
### placed in this selinux domain.
|
2017-02-13 22:33:27 +01:00
|
|
|
###
|
|
|
|
|
2017-03-23 22:27:32 +01:00
|
|
|
typeattribute untrusted_app_25 coredomain;
|
|
|
|
|
2017-02-13 22:33:27 +01:00
|
|
|
app_domain(untrusted_app_25)
|
|
|
|
untrusted_app_domain(untrusted_app_25)
|
|
|
|
net_domain(untrusted_app_25)
|
|
|
|
bluetooth_domain(untrusted_app_25)
|
|
|
|
|
2017-03-03 21:17:49 +01:00
|
|
|
# b/35917228 - /proc/misc access
|
|
|
|
# This will go away in a future Android release
|
|
|
|
allow untrusted_app_25 proc_misc:file r_file_perms;
|
2017-03-05 05:09:10 +01:00
|
|
|
|
|
|
|
# Access to /proc/tty/drivers, to allow apps to determine if they
|
|
|
|
# are running in an emulated environment.
|
|
|
|
# b/33214085 b/33814662 b/33791054 b/33211769
|
|
|
|
# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
|
|
|
|
# This will go away in a future Android release
|
|
|
|
allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
|
Start the process of locking down proc/net
Files in /proc/net leak information. This change is the first step in
determining which files apps may use, whitelisting benign access, and
otherwise removing access while providing safe alternative APIs.
To that end, this change:
* Introduces the proc_net_type attribute which will assigned to any
new SELinux types in /proc/net to avoid removing access to privileged
processes. These processes may be evaluated later, but are lower
priority than apps.
* Labels /proc/net/{tcp,tcp6,udp,udp6} as proc_net_vpn due to existing
use by VPN apps. This may be replaced by an alternative API.
* Audits all other proc/net access for apps.
* Audits proc/net access for other processes which are currently
granted broad read access to /proc/net but should not be including
storaged, zygote, clatd, logd, preopt2cachename and vold.
Bug: 9496886
Bug: 68016944
Test: Boot Taimen-userdebug. On both wifi and cellular: stream youtube
navigate maps, send text message, make voice call, make video call.
Verify no avc "granted" messages in the logs.
Test: A few VPN apps including "VPN Monster", "Turbo VPN", and
"Freighter". Verify no logspam with the current setup.
Test: atest CtsNativeNetTestCases
Test: atest netd_integration_test
Test: atest QtaguidPermissionTest
Test: atest FileSystemPermissionTest
Change-Id: I7e49f796a25cf68bc698c6c9206e24af3ae11457
Merged-In: I7e49f796a25cf68bc698c6c9206e24af3ae11457
(cherry picked from commit 087318957f26e921d62f2e234fc14bff3c59030e)
2018-04-10 21:47:48 +02:00
|
|
|
|
2019-04-02 22:01:10 +02:00
|
|
|
# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
|
2018-08-08 00:14:34 +02:00
|
|
|
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
|
|
|
|
allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
|
2018-11-02 19:12:43 +01:00
|
|
|
|
2018-12-21 19:03:50 +01:00
|
|
|
# The ability to call exec() on files in the apps home directories
|
|
|
|
# for targetApi<=25. This is also allowed for targetAPIs 26, 27,
|
|
|
|
# and 28 in untrusted_app_27.te.
|
|
|
|
allow untrusted_app_25 app_data_file:file execute_no_trans;
|
2019-01-28 11:33:08 +01:00
|
|
|
auditallow untrusted_app_25 app_data_file:file { execute execute_no_trans };
|
2018-11-20 00:02:49 +01:00
|
|
|
|
|
|
|
# The ability to invoke dex2oat. Historically required by ART, now only
|
|
|
|
# allowed for targetApi<=28 for compat reasons.
|
|
|
|
allow untrusted_app_25 dex2oat_exec:file rx_file_perms;
|
2018-11-20 19:45:56 +01:00
|
|
|
userdebug_or_eng(`auditallow untrusted_app_25 dex2oat_exec:file rx_file_perms;')
|
2019-01-27 22:39:19 +01:00
|
|
|
|
|
|
|
# The ability to talk to /dev/ashmem directly. targetApi>=29 must use
|
|
|
|
# ASharedMemory instead.
|
|
|
|
allow untrusted_app_25 ashmem_device:chr_file rw_file_perms;
|
2019-02-12 23:14:30 +01:00
|
|
|
auditallow untrusted_app_25 ashmem_device:chr_file open;
|
2019-04-12 00:23:24 +02:00
|
|
|
|
|
|
|
# Read /mnt/sdcard symlink.
|
|
|
|
allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms;
|
2020-01-20 10:14:48 +01:00
|
|
|
|
|
|
|
# allow binding to netlink route sockets and sending RTM_GETLINK messages.
|
|
|
|
allow untrusted_app_25 self:netlink_route_socket { bind nlmsg_readpriv };
|