Merge "Add autoplay_app domain"
This commit is contained in:
commit
4be676f3cc
4 changed files with 30 additions and 8 deletions
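--- a/autoplay_app.te
+++ b/autoplay_app.te
@@ -0,0 +1,13 @@
+###
+### AutoPlay apps.
+###
+### This file defines the security policy for apps with the autoplay
+### feature.
+###
+### The autoplay_app domain is a reduced permissions sandbox allowing
+### ephemeral applications to be safely installed and run. Non ephemeral
+### applications may also opt-in to autoplay to take advantage of the
+### additional security features.
+###
+### PackageManager flags an app as autoplay at install time.
+type autoplay_app, domain;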
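Review bot: The new file declares `type autoplay_app, domain;` and nothing else, while its header promises a reduced-permissions sandbox; none of the allow rules, `appdomain`/`app_domain()` plumbing or neverallow boundaries that would make it one appear in this change (the other three files only add the data label, the seapp_contexts mapping and the checker key). If the rules are intentionally deferred to a follow-up, say so in the header, e.g. `### Allow rules and neverallows for this domain are added separately; until then the type carries no permissions.` If they are expected to come from a shared app policy file, name that file instead so a reader can audit what the sandbox actually permits relative to untrusted_app.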
1
file.te
1
file.te
|
@ -133,6 +133,7 @@ type method_trace_data_file, file_type, data_file_type, mlstrustedobject;
|
|||
typealias audio_data_file alias audio_firmware_file;
|
||||
# /data/data subdirectories - app sandboxes
|
||||
type app_data_file, file_type, data_file_type;
|
||||
type autoplay_data_file, file_type, data_file_type;
|
||||
# /data/data subdirectory for system UID apps.
|
||||
type system_app_data_file, file_type, data_file_type, mlstrustedobject;
|
||||
# Compatibility with type name used in Android 4.3 and 4.4.
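Review bot: The added `type autoplay_data_file, file_type, data_file_type;` sits under the `# /data/data subdirectories - app sandboxes` comment, which no longer tells the reader which domain each type belongs to; a one-line comment such as `# /data/data subdirectories for apps running in the autoplay_app domain (labeled via seapp_contexts)` would make the intent auditable. The seapp_contexts entry in this same commit labels these directories with `levelFrom=all`, and unlike the neighbouring `system_app_data_file` this type is not `mlstrustedobject` — presumably deliberate so the MLS categories actually constrain cross-app access, but worth a comment since the two facts live in different files. The surrounding type list continues outside the hunk.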
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
# Input selectors:
|
||||
# isSystemServer (boolean)
|
||||
# isAutoPlayApp (boolean)
|
||||
# isOwner (boolean)
|
||||
# user (string)
|
||||
# seinfo (string)
|
||||
|
@ -8,6 +9,7 @@
|
|||
# isPrivApp (boolean)
|
||||
# isSystemServer=true can only be used once.
|
||||
# An unspecified isSystemServer defaults to false.
|
||||
# isAutoPlayApp=true will match apps marked by PackageManager as AutoPlay
|
||||
# isOwner=true will only match for the owner/primary user.
|
||||
# isOwner=false will only match for secondary users.
|
||||
# If unspecified, the entry can match either case.
|
||||
|
@ -22,15 +24,16 @@
|
|||
#
|
||||
# Precedence rules:
|
||||
# (1) isSystemServer=true before isSystemServer=false.
|
||||
# (2) Specified isOwner= before unspecified isOwner= boolean.
|
||||
# (3) Specified user= string before unspecified user= string.
|
||||
# (4) Fixed user= string before user= prefix (i.e. ending in *).
|
||||
# (5) Longer user= prefix before shorter user= prefix.
|
||||
# (6) Specified seinfo= string before unspecified seinfo= string.
|
||||
# (2) Specified isAutoPlayApp= before unspecified isAutoPlayApp= boolean.
|
||||
# (3) Specified isOwner= before unspecified isOwner= boolean.
|
||||
# (4) Specified user= string before unspecified user= string.
|
||||
# (5) Fixed user= string before user= prefix (i.e. ending in *).
|
||||
# (6) Longer user= prefix before shorter user= prefix.
|
||||
# (7) Specified seinfo= string before unspecified seinfo= string.
|
||||
# ':' character is reserved and may not be used.
|
||||
# (7) Specified name= string before unspecified name= string.
|
||||
# (8) Specified path= string before unspecified path= string.
|
||||
# (9) Specified isPrivApp= before unspecified isPrivApp= boolean.
|
||||
# (8) Specified name= string before unspecified name= string.
|
||||
# (9) Specified path= string before unspecified path= string.
|
||||
# (10) Specified isPrivApp= before unspecified isPrivApp= boolean.
|
||||
#
|
||||
# Outputs:
|
||||
# domain (string)
|
||||
|
@ -79,6 +82,9 @@ neverallow user=((?!_isolated).)* domain=isolated_app
|
|||
# uid's can be in shell domain
|
||||
neverallow user=shell domain=((?!shell).)*
|
||||
|
||||
# AutoPlay Apps must run in the autoplay_app domain
|
||||
neverallow isAutoPlayApp=true domain=((?!autoplay_app).)*
|
||||
|
||||
isSystemServer=true domain=system_server
|
||||
user=system seinfo=platform domain=system_app type=system_app_data_file
|
||||
user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
|
||||
|
@ -88,5 +94,6 @@ user=shared_relro domain=shared_relro
|
|||
user=shell seinfo=platform domain=shell type=shell_data_file
|
||||
user=_isolated domain=isolated_app levelFrom=user
|
||||
user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
|
||||
user=_app isAutoPlayApp=true domain=autoplay_app type=autoplay_data_file levelFrom=all
|
||||
user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
|
||||
user=_app domain=untrusted_app type=app_data_file levelFrom=user
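Review bot: The new entry `user=_app isAutoPlayApp=true domain=autoplay_app type=autoplay_data_file levelFrom=all` is the only line in this block using `levelFrom=all`; every neighbour uses `levelFrom=user`, and nothing in the hunk explains the difference. Because the precedence rules added above rank a specified `isAutoPlayApp=` (rule 2) ahead of `user=`, `seinfo=` and `isPrivApp=`, this entry also wins over the `seinfo=platform` and `isPrivApp=true` lines for any app PackageManager flags as AutoPlay, which is presumably intended but should be stated. Suggest a comment above the entry: `# AutoPlay apps get per-app MLS categories (levelFrom=all) rather than per-user ones, and take precedence over the seinfo/isPrivApp entries by rule (2).` The `neverallow isAutoPlayApp=true domain=((?!autoplay_app).)*` added earlier in this file constrains only one direction — nothing visible prevents an entry without `isAutoPlayApp=true` from naming `domain=autoplay_app` — which matches the other single-direction neverallows here but is worth a note if that is the intent.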
|
||||
|
|
|
@ -204,6 +204,7 @@ static list nallow_list = list_init(line_order_list_freefn);
|
|||
key_map rules[] = {
|
||||
/*Inputs*/
|
||||
{ .name = "isSystemServer", .type = dt_bool, .dir = dir_in, .data = NULL },
|
||||
{ .name = "isAutoPlayApp", .type = dt_bool, .dir = dir_in, .data = NULL },
|
||||
{ .name = "isOwner", .type = dt_bool, .dir = dir_in, .data = NULL },
|
||||
{ .name = "user", .type = dt_string, .dir = dir_in, .data = NULL },
|
||||
{ .name = "seinfo", .type = dt_string, .dir = dir_in, .data = NULL },
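Review bot: The added `isAutoPlayApp` key lets the build-time checker accept the new seapp_contexts input, but the runtime parser that actually evaluates seapp_contexts is not among the four files in this change; if it lives in a separate project, this policy file now depends on a matching change there and the commit message should name it. The `key_map rules[]` initializer continues outside the hunk, so I could not confirm whether any output-side or precedence handling in the checker needs the new key as well.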
|
||||
|
|