Remove untrusted app access to /proc/net
This change is for testing potential app-compat issues when removing access to file in /proc/net. See: b/114475727#comment11. Bug: 114475727 Test: build/boot taimen. Test: atest CtsLibcoreOjTestCases Test: FileSystemPermissionTest Test: ListeningPortsTest b/114772424 Change-Id: I1db1c2b41308e47c9ec9db57ea8597a650c8906d
This commit is contained in:
Jeff Vander Stoep
parent
646ef391fa
commit
6784f80bad
1 changed files with 0 additions and 12 deletions
|
|
@ -135,18 +135,6 @@ dontaudit untrusted_app_all proc_uptime:file read;
|
|||
# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
|
||||
create_pty(untrusted_app_all)
|
||||
|
||||
# /proc/net access.
|
||||
# TODO(b/9496886) Audit access for removal.
|
||||
# VPN apps require access to /proc/net/{tcp,udp} so access will need to be
|
||||
# limited through a mechanism other than SELinux.
|
||||
r_dir_file(untrusted_app_all, proc_net_type)
|
||||
userdebug_or_eng(`
|
||||
auditallow untrusted_app_all {
|
||||
proc_net_type
|
||||
-proc_net_vpn
|
||||
}:{ dir file lnk_file } { getattr open read };
|
||||
')
|
||||
|
||||
# Attempts to write to system_data_file is generally a sign
|
||||
# that apps are attempting to access encrypted storage before
|
||||
# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
|
||||
|
|
|
|||
Loading…
Reference in a new issue