tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Partially revert "mediaprovider" SELinux domain.

Browse source 
The new domain wasn't fully tested, and it caused many regressions
on the daily build.  Revert back to using "priv_app" domain until we
can fully test and re-land the new domain.

Temporarily add the USB functionfs capabilities to priv_app domain
to keep remainder of MtpService changes working; 33574909 is tracking
removing that from the priv_app domain.

Test: builds, boots, verified UI and downloads
Bug: 33569176, 33568261, 33574909
Change-Id: I1bd0561d52870df0fe488e59ae8307b89978a9cb
This commit is contained in:
Jeff Sharkey 2016-12-13 09:19:38 -07:00
parent 0a80782877
commit 52da39d9a4
4 changed files with 14 additions and 52 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/mediaprovider.te
View file

@ -1 +0,0 @@
app_domain(mediaprovider)

1
private/seapp_contexts
View file

@ -93,7 +93,6 @@ user=radio seinfo=platform domain=radio type=radio_data_file
user=shared_relro domain=shared_relro
user=shell seinfo=platform domain=shell type=shell_data_file
user=_isolated domain=isolated_app levelFrom=user
user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
user=_app isEphemeralApp=true domain=ephemeral_app type=ephemeral_data_file levelFrom=all
user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user

50
public/mediaprovider.te
View file

@ -1,50 +0,0 @@
type mediaprovider, domain;
# MtpServer uses /dev/mtp_usb
allow mediaprovider mtp_device:chr_file rw_file_perms;
# MtpServer uses /dev/usb-ffs/mtp
allow mediaprovider functionfs:dir search;
allow mediaprovider functionfs:file rw_file_perms;
# MtpServer sets sys.usb.ffs.mtp.ready
set_prop(mediaprovider, ffs_prop)
allow mediaprovider mediacodec_service:service_manager find;
allow mediaprovider mediadrmserver_service:service_manager find;
allow mediaprovider mediaextractor_service:service_manager find;
allow mediaprovider mediaserver_service:service_manager find;
allow mediaprovider app_api_service:service_manager find;
allow mediaprovider system_api_service:service_manager find;
# /sys and /proc access
r_dir_file(mediaprovider, sysfs_type)
r_dir_file(mediaprovider, proc)
r_dir_file(mediaprovider, rootfs)
# Access to /data/preloads
allow mediaprovider preloads_data_file:file r_file_perms;
###
### neverallow rules (see corresponding rules in priv_app)
###
# Receive or send uevent messages.
neverallow mediaprovider domain:netlink_kobject_uevent_socket *;
# Receive or send generic netlink messages
neverallow mediaprovider domain:netlink_socket *;
# Too much leaky information in debugfs. It's a security
# best practice to ensure these files aren't readable.
neverallow mediaprovider debugfs:file read;
# Only trusted components of Android should be registering
# services.
neverallow mediaprovider service_manager_type:service_manager add;
# Do not allow mediaprovider to be assigned mlstrustedsubject.
neverallow mediaprovider mlstrustedsubject:process fork;
# Do not allow mediaprovider to hard link to any files.
neverallow mediaprovider file_type:file link;

14
public/priv_app.te
View file

@ -89,6 +89,20 @@ allow priv_app ringtone_file:file { getattr read write };
allow priv_app preloads_data_file:file r_file_perms;
allow priv_app preloads_data_file:dir r_dir_perms;
# TODO: revert this as part of fixing 33574909
# android.process.media uses /dev/mtp_usb
allow priv_app mtp_device:chr_file rw_file_perms;
# TODO: revert this as part of fixing 33574909
# MtpServer uses /dev/usb-ffs/mtp
allow priv_app functionfs:dir search;
allow priv_app functionfs:file rw_file_perms;
# TODO: revert this as part of fixing 33574909
# Traverse into /mnt/media_rw for bypassing FUSE daemon
# TODO: narrow this to just MediaProvider
allow priv_app mnt_media_rw_file:dir search;
###
### neverallow rules
###