Block access to xt_qtaguid proc files
In the next Android release, there will be devices that have no xt_qtaguid module at all and framework and netd will decide which code path it takes for trafficStats depending on the device setup. So all apps and services should not depend on this device specific implementation anymore and use public API for the data they need. Bug: 114475331 Bug: 79938294 Test: QtaguidPermissionTest Change-Id: I0d37b2df23782eefa2e8977c6cdbf9210db3e0d2
This commit is contained in:
Chenbo Feng
parent
bc71a6109e
commit
16dbe82eaf
4 changed files with 0 additions and 28 deletions
|
|
@ -92,21 +92,6 @@ r_dir_file(priv_app, proc_net_type)
|
|||
userdebug_or_eng(`
|
||||
auditallow priv_app proc_net_type:{ dir file lnk_file } { getattr open read };
|
||||
')
|
||||
# TODO(b/68774956) qtaguid access has been moved to netd. Access is deprecated. Audit for
|
||||
# removal.
|
||||
allow priv_app proc_qtaguid_ctrl:file rw_file_perms;
|
||||
userdebug_or_eng(`
|
||||
auditallow priv_app proc_qtaguid_ctrl:file rw_file_perms;
|
||||
')
|
||||
r_dir_file(priv_app, proc_qtaguid_stat)
|
||||
userdebug_or_eng(`
|
||||
auditallow priv_app proc_qtaguid_stat:dir r_dir_perms;
|
||||
auditallow priv_app proc_qtaguid_stat:file r_file_perms;
|
||||
')
|
||||
allow priv_app qtaguid_device:chr_file r_file_perms;
|
||||
userdebug_or_eng(`
|
||||
auditallow priv_app qtaguid_device:chr_file r_file_perms;
|
||||
')
|
||||
|
||||
allow priv_app sysfs_type:dir search;
|
||||
# Read access to /sys/class/net/wlan*/address
|
||||
|
|
|
|||
|
|
@ -41,12 +41,6 @@ allow untrusted_app_25 proc_misc:file r_file_perms;
|
|||
# This will go away in a future Android release
|
||||
allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
|
||||
|
||||
# qtaguid access. This is not a public API. Access will be removed in a
|
||||
# future version of Android.
|
||||
allow untrusted_app_25 proc_qtaguid_ctrl:file rw_file_perms;
|
||||
r_dir_file(untrusted_app_25, proc_qtaguid_stat)
|
||||
allow untrusted_app_25 qtaguid_device:chr_file r_file_perms;
|
||||
|
||||
# Text relocation support for API < 23
|
||||
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
|
||||
allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
|
||||
|
|
|
|||
|
|
@ -26,9 +26,3 @@ app_domain(untrusted_app_27)
|
|||
untrusted_app_domain(untrusted_app_27)
|
||||
net_domain(untrusted_app_27)
|
||||
bluetooth_domain(untrusted_app_27)
|
||||
|
||||
# qtaguid access. This is not a public API. Access will be removed in a
|
||||
# future version of Android.
|
||||
allow untrusted_app_27 proc_qtaguid_ctrl:file rw_file_perms;
|
||||
r_dir_file(untrusted_app_27, proc_qtaguid_stat)
|
||||
allow untrusted_app_27 qtaguid_device:chr_file r_file_perms;
|
||||
|
|
|
|||
|
|
@ -129,7 +129,6 @@ allow shell {
|
|||
proc_meminfo
|
||||
proc_modules
|
||||
proc_pid_max
|
||||
proc_qtaguid_stat
|
||||
proc_slabinfo
|
||||
proc_stat
|
||||
proc_timer
|
||||
|
|
|
|||
Loading…
Reference in a new issue