tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

drmserver: audit permissions for /data/app

Browse source 
We would like to assert that only PackageManager can make
modifications to /data/app. However, I first need to remove
some existing permissions that seem like they are no longer
used (as per jtinker@). Add audit statements to confirm.

Test: build
Change-Id: Ie5ec5199f7e2f862c4d16d8c86b9b0db6fbe481c
This commit is contained in:
Jeff Vander Stoep 2020-12-09 09:16:51 +01:00
parent 2543715187
commit 5e6d60a2a5
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
public/drmserver.te
View file

@ -30,7 +30,9 @@ type drmserver_socket, file_type;
# /data/app/tlcd_sock socket file.
# Clearly, /data/app is the most logical place to create a socket. Not.
allow drmserver apk_data_file:dir rw_dir_perms;
auditallow drmserver apk_data_file:dir { add_name write };
allow drmserver drmserver_socket:sock_file create_file_perms;
auditallow drmserver drmserver_socket:sock_file create;
# Delete old socket file if present.
allow drmserver apk_data_file:sock_file unlink;