Neverallow app open access to /dev/ashmem
Apps are no longer allowed open access to /dev/ashmem, unless they target API level < Q. Bug: 113362644 Test: device boots, Chrome, instant apps work Change-Id: I1cff08f26159fbf48a42afa7cfa08eafa1936f42
This commit is contained in:
parent
1c8b376f81
commit
8b12ff5f21
8 changed files with 19 additions and 15 deletions
|
@ -335,15 +335,10 @@ neverallow all_untrusted_apps proc_tty_drivers:file ~r_file_perms;
|
|||
# Untrusted apps are not allowed to use cgroups.
|
||||
neverallow all_untrusted_apps cgroup:file *;
|
||||
|
||||
# TODO(b/113362644): remove open permission from these domains.
|
||||
# Untrusted apps targetting >= Q are not allowed to open /dev/ashmem directly.
|
||||
#neverallow {
|
||||
# all_untrusted_apps
|
||||
# TODO(b/113362644): route mediaprovider to ashmemd
|
||||
# -mediaprovider
|
||||
# -untrusted_app_25
|
||||
# -untrusted_app_27
|
||||
#} ashmem_device:chr_file open;
|
||||
# In preparation to remove open permission, we audit open operations on
|
||||
# /dev/ashmem.
|
||||
auditallow all_untrusted_apps ashmem_device:chr_file open;
|
||||
# They must use ASharedMemory NDK API instead.
|
||||
neverallow {
|
||||
all_untrusted_apps
|
||||
-untrusted_app_25
|
||||
-untrusted_app_27
|
||||
} ashmem_device:chr_file open;
|
||||
|
|
|
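Review bot: The carve-out for untrusted_app_25 and untrusted_app_27 in the new `neverallow { ... } ashmem_device:chr_file open;` is explained only indirectly, by the targetSdk comment above it and by the commit description; nothing in the block says those are the targetSdk < 29 domains or that they keep `rw_file_perms` in their own .te files. Suggest replacing `# They must use ASharedMemory NDK API instead.` with `# Apps targeting >= Q must use the ASharedMemory NDK API; untrusted_app_25/27 (targetSdk < 29) are exempt and keep open in their own .te files.` The old commented-out draft also excluded mediaprovider and the live rule does not; if mediaprovider is in all_untrusted_apps this is a deliberate tightening worth a word in the description, since mediaprovider.te in this commit gains only fd-use permissions. Any future legacy-targetSdk domain will have to be added to this exclusion list as well.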
@ -65,6 +65,8 @@ can_profile_heap(ephemeral_app)
|
|||
allow ephemeral_app system_server:udp_socket {
|
||||
connect getattr read recvfrom sendto write getopt setopt };
|
||||
|
||||
allow ephemeral_app ashmem_device:chr_file { getattr read write ioctl };
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
###
|
||||
|
|
|
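Review bot: The added `allow ephemeral_app ashmem_device:chr_file { getattr read write ioctl };` does not include `map`, so mmap of an ashmem fd received from ashmemd must be covered by some other rule. The domain.te hunk in this commit ends on the context comment `# Allow using fds to /dev/ashmem.`, which suggests a domain-wide fd-use rule just outside that hunk; if that rule exists and already grants these permissions to every domain, this line and the identical ones added in isolated_app.te, mediaprovider.te and untrusted_app_all.te are redundant with it, and if it does not, `map` is likely missing here. Whichever is the case, a comment naming the authoritative rule would keep the two from drifting, e.g. `# fd-use only; open is neverallowed in app_neverallows.te.`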
@ -64,6 +64,8 @@ unix_socket_connect(isolated_app, traced_producer, traced)
|
|||
# debuggable.
|
||||
can_profile_heap(isolated_app)
|
||||
|
||||
allow isolated_app ashmem_device:chr_file { getattr read write ioctl };
|
||||
|
||||
#####
|
||||
##### Neverallow
|
||||
#####
|
||||
|
|
|
@ -42,3 +42,5 @@ allowxperm mediaprovider functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
|
|||
# MtpServer sets sys.usb.ffs.mtp.ready
|
||||
set_prop(mediaprovider, ffs_prop)
|
||||
set_prop(mediaprovider, exported_ffs_prop)
|
||||
|
||||
allow mediaprovider ashmem_device:chr_file { getattr read write ioctl };
|
||||
|
|
|
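Review bot: mediaprovider gains only the fd-use rule `allow mediaprovider ashmem_device:chr_file { getattr read write ioctl };` while, as far as the hunk shows, no `binder_call(mediaprovider, ashmemd)` is added, unlike untrusted_app_all in this same commit. If mediaprovider is now covered by the open neverallow in app_neverallows.te (the draft exclusion for it was dropped), it needs some path to obtain fresh ashmem regions; confirm it reaches ashmemd through an attribute it already carries, or add the binder_call here. A one-line comment stating where its ashmem fds come from would make the rule self-explanatory.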
@ -60,3 +60,4 @@ userdebug_or_eng(`auditallow untrusted_app_25 dex2oat_exec:file rx_file_perms;')
|
|||
# The ability to talk to /dev/ashmem directly. targetApi>=29 must use
|
||||
# ASharedMemory instead.
|
||||
allow untrusted_app_25 ashmem_device:chr_file rw_file_perms;
|
||||
auditallow untrusted_app_25 ashmem_device:chr_file open;
|
||||
|
|
|
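Review bot: The new `auditallow untrusted_app_25 ashmem_device:chr_file open;` is unconditional, whereas the dex2oat auditallow visible in the hunk header is wrapped in `userdebug_or_eng()`; on user builds every direct open of /dev/ashmem by a targetSdk < 29 app will be logged. If the logging is meant for production measurement of remaining legacy usage, say so in the comment, e.g. `# auditallow is intentionally active on user builds to measure remaining direct opens (b/113362644).`; if it is only for development, wrap it in `userdebug_or_eng()` like its neighbour. The same applies to the identical line added in untrusted_app_27.te.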
@ -40,3 +40,4 @@ userdebug_or_eng(`auditallow untrusted_app_27 dex2oat_exec:file rx_file_perms;')
|
|||
# The ability to talk to /dev/ashmem directly. targetApi>=29 must use
|
||||
# ASharedMemory instead.
|
||||
allow untrusted_app_27 ashmem_device:chr_file rw_file_perms;
|
||||
auditallow untrusted_app_27 ashmem_device:chr_file open;
|
||||
|
|
|
@ -188,3 +188,4 @@ userdebug_or_eng(`
|
|||
|
||||
# Allow access to ashmemd to request /dev/ashmem fds.
|
||||
binder_call(untrusted_app_all, ashmemd)
|
||||
allow untrusted_app_all ashmem_device:chr_file { getattr read write ioctl };
|
||||
|
|
|
@ -68,10 +68,10 @@ allow {
|
|||
domain
|
||||
# TODO(b/113362644): route coredomain to ashmemd
|
||||
#-coredomain
|
||||
# TODO(b/113362644): remove open permission from apps.
|
||||
#-ephemeral_app
|
||||
#-isolated_app
|
||||
#-untrusted_app_all
|
||||
-mediaprovider
|
||||
-ephemeral_app
|
||||
-isolated_app
|
||||
-untrusted_app_all
|
||||
} ashmem_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow using fds to /dev/ashmem.
|
||||
|
|
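Review bot: The exclusion list added to the domain-wide `rw_file_perms` grant (`-mediaprovider -ephemeral_app -isolated_app -untrusted_app_all`) has to stay in step with the open neverallow in app_neverallows.te and with the per-domain fd-use rules, and nothing in the block says so; a comment such as `# Keep in sync with the ashmem open neverallow in app_neverallows.te.` above the `allow {` would help. The rendered hunk shows the `# TODO(b/113362644): route coredomain to ashmemd` and `#-coredomain` lines being dropped without coredomain being excluded, so if that migration is still planned the TODO is worth keeping so the remaining work stays tracked in the policy itself.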