Merge "Block access to xt_qtaguid proc files"

Treehugger Robot 2018-09-28 18:35:47 +00:00 committed by Gerrit Code Review
commit 21eed51185
4 changed files with 0 additions and 28 deletions


@ -92,21 +92,6 @@ r_dir_file(priv_app, proc_net_type)
userdebug_or_eng(`
auditallow priv_app proc_net_type:{ dir file lnk_file } { getattr open read };
')
# TODO(b/68774956) qtaguid access has been moved to netd. Access is deprecated. Audit for
# removal.
allow priv_app proc_qtaguid_ctrl:file rw_file_perms;
userdebug_or_eng(`
auditallow priv_app proc_qtaguid_ctrl:file rw_file_perms;
')
r_dir_file(priv_app, proc_qtaguid_stat)
userdebug_or_eng(`
auditallow priv_app proc_qtaguid_stat:dir r_dir_perms;
auditallow priv_app proc_qtaguid_stat:file r_file_perms;
')
allow priv_app qtaguid_device:chr_file r_file_perms;
userdebug_or_eng(`
auditallow priv_app qtaguid_device:chr_file r_file_perms;
')
allow priv_app sysfs_type:dir search;
# Read access to /sys/class/net/wlan*/address


@ -41,12 +41,6 @@ allow untrusted_app_25 proc_misc:file r_file_perms;
# This will go away in a future Android release
allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
# qtaguid access. This is not a public API. Access will be removed in a
# future version of Android.
allow untrusted_app_25 proc_qtaguid_ctrl:file rw_file_perms;
r_dir_file(untrusted_app_25, proc_qtaguid_stat)
allow untrusted_app_25 qtaguid_device:chr_file r_file_perms;
# Text relocation support for API < 23
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;


@ -26,9 +26,3 @@ app_domain(untrusted_app_27)
untrusted_app_domain(untrusted_app_27)
net_domain(untrusted_app_27)
bluetooth_domain(untrusted_app_27)
# qtaguid access. This is not a public API. Access will be removed in a
# future version of Android.
allow untrusted_app_27 proc_qtaguid_ctrl:file rw_file_perms;
r_dir_file(untrusted_app_27, proc_qtaguid_stat)
allow untrusted_app_27 qtaguid_device:chr_file r_file_perms;


@ -129,7 +129,6 @@ allow shell {
proc_meminfo
proc_modules
proc_pid_max
proc_qtaguid_stat
proc_slabinfo
proc_stat
proc_timer