Merge "Introduce app_data_file_type attribute."
9f7d1ff0f1
11 changed files with 30 additions and 95 deletions
@ -93,14 +93,7 @@ neverallow app_zygote property_socket:sock_file write;
|
|||
neverallow app_zygote property_type:property_service set;
|
||||
|
||||
# Should not have any access to data files.
|
||||
neverallow app_zygote {
|
||||
bluetooth_data_file
|
||||
nfc_data_file
|
||||
radio_data_file
|
||||
shell_data_file
|
||||
app_data_file
|
||||
privapp_data_file
|
||||
}:file { rwx_file_perms };
|
||||
neverallow app_zygote app_data_file_type:file { rwx_file_perms };
|
||||
|
||||
neverallow app_zygote {
|
||||
service_manager_type
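Review bot: The rewritten rule `neverallow app_zygote app_data_file_type:file { rwx_file_perms };` is wider than the six-type list it replaces: the old list never named system_app_data_file, which receives the new attribute in this commit's type declarations. That is a tightening rather than a regression, so it only bites if some rule elsewhere grants app_zygote rwx on system_app_data_file, in which case the policy build now fails; I cannot see the rest of app_zygote.te here. The webview_zygote hunk has no such gap because its old list already named all seven types. A one-line comment would make the widening deliberate: `# Covers every app data type, including system_app_data_file (not in the old explicit list).`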
|
||||
|
|
|
@ -79,7 +79,8 @@
|
|||
# domain= determines the label to be used for the app process; entries
|
||||
# without domain= are ignored for this purpose.
|
||||
# type= specifies the label to be used for the app data directory; entries
|
||||
# without type= are ignored for this purpose.
|
||||
# without type= are ignored for this purpose. The label specified must
|
||||
# have the app_data_file_type attribute.
|
||||
# levelFrom and level are used to determine the level (sensitivity + categories)
|
||||
# for MLS/MCS.
|
||||
# levelFrom=none omits the level.
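Review bot: The new sentence `# have the app_data_file_type attribute.` states a requirement without saying where it is enforced; if the seapp_contexts checker does not validate the attribute, a type= label that lacks it still builds and silently misses every rule this commit keys on the attribute (installd, system_server, zygote, netd). Either point the reader to the check that enforces it, or make the consequence explicit: `# have the app_data_file_type attribute; installd, system_server and zygote rules are keyed on it, so a type without it is not usable as an app data directory label.`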
|
||||
|
|
|
@ -520,16 +520,7 @@ allow system_server staging_data_file:dir create_dir_perms;
|
|||
allow system_server staging_data_file:file create_file_perms;
|
||||
|
||||
# Walk /data/data subdirectories.
|
||||
# Types extracted from seapp_contexts type= fields.
|
||||
allow system_server {
|
||||
system_app_data_file
|
||||
bluetooth_data_file
|
||||
nfc_data_file
|
||||
radio_data_file
|
||||
shell_data_file
|
||||
app_data_file
|
||||
privapp_data_file
|
||||
}:dir { getattr read search };
|
||||
allow system_server app_data_file_type:dir { getattr read search };
|
||||
|
||||
# Also permit for unlabeled /data/data subdirectories and
|
||||
# for unlabeled asec containers on upgrades from 4.2.
|
||||
|
@ -542,16 +533,7 @@ allow system_server system_app_data_file:dir create_dir_perms;
|
|||
allow system_server system_app_data_file:file create_file_perms;
|
||||
|
||||
# Receive and use open app data files passed over binder IPC.
|
||||
# Types extracted from seapp_contexts type= fields.
|
||||
allow system_server {
|
||||
system_app_data_file
|
||||
bluetooth_data_file
|
||||
nfc_data_file
|
||||
radio_data_file
|
||||
shell_data_file
|
||||
app_data_file
|
||||
privapp_data_file
|
||||
}:file { getattr read write append map };
|
||||
allow system_server app_data_file_type:file { getattr read write append map };
|
||||
|
||||
# Access to /data/media for measuring disk usage.
|
||||
allow system_server media_rw_data_file:dir { search getattr open read };
|
||||
|
@ -1042,14 +1024,11 @@ neverallow system_server sdcard_type:file rw_file_perms;
|
|||
# system server should never be operating on zygote spawned app data
|
||||
# files directly. Rather, they should always be passed via a
|
||||
# file descriptor.
|
||||
# Types extracted from seapp_contexts type= fields, excluding
|
||||
# those types that system_server needs to open directly.
|
||||
# Exclude those types that system_server needs to open directly.
|
||||
neverallow system_server {
|
||||
bluetooth_data_file
|
||||
nfc_data_file
|
||||
shell_data_file
|
||||
app_data_file
|
||||
privapp_data_file
|
||||
app_data_file_type
|
||||
-system_app_data_file
|
||||
-radio_data_file
|
||||
}:file { open create unlink link };
|
||||
|
||||
# Forking and execing is inherently dangerous and racy. See, for
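Review bot: Dropping both `# Types extracted from seapp_contexts type= fields.` comments removes the only hint of where the set behind `allow system_server app_data_file_type:dir { getattr read search };` and the matching `:file { getattr read write append map }` rule comes from, and those rules now also apply to any type that gains the attribute later. The neverallow hunk at `app_data_file_type -system_app_data_file -radio_data_file` is set-equivalent to the old five-type list, so no behaviour change there. Suggest restoring a short pointer above the first allow: `# app_data_file_type = every label usable as a seapp_contexts type= value; new members inherit these perms.`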
|
||||
|
|
|
@ -103,15 +103,7 @@ neverallow webview_zygote property_socket:sock_file write;
|
|||
neverallow webview_zygote property_type:property_service set;
|
||||
|
||||
# Should not have any access to app data files.
|
||||
neverallow webview_zygote {
|
||||
app_data_file
|
||||
privapp_data_file
|
||||
system_app_data_file
|
||||
bluetooth_data_file
|
||||
nfc_data_file
|
||||
radio_data_file
|
||||
shell_data_file
|
||||
}:file { rwx_file_perms };
|
||||
neverallow webview_zygote app_data_file_type:file { rwx_file_perms };
|
||||
|
||||
neverallow webview_zygote {
|
||||
service_manager_type
|
||||
|
|
|
@ -77,15 +77,10 @@ allow zygote tmpfs:lnk_file create;
|
|||
|
||||
allow zygote mirror_data_file:dir r_dir_perms;
|
||||
|
||||
# Get inode of data directories
|
||||
# Get inode of directories for app data isolation
|
||||
allow zygote {
|
||||
app_data_file_type
|
||||
system_data_file
|
||||
radio_data_file
|
||||
app_data_file
|
||||
shell_data_file
|
||||
bluetooth_data_file
|
||||
privapp_data_file
|
||||
nfc_data_file
|
||||
mnt_expand_file
|
||||
}:dir getattr;
|
||||
|
||||
|
@ -245,7 +240,4 @@ neverallow zygote {
|
|||
}:file create_file_perms;
|
||||
|
||||
# Zygote should not be able to access app private data.
|
||||
neverallow zygote {
|
||||
privapp_data_file
|
||||
app_data_file
|
||||
}:dir ~getattr;
|
||||
neverallow zygote app_data_file_type:dir ~getattr;
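Review bot: `neverallow zygote app_data_file_type:dir ~getattr;` covers far more than the two types it replaces: the old rule named only privapp_data_file and app_data_file, whereas the attribute also carries shell_data_file, radio_data_file, bluetooth_data_file, nfc_data_file and system_app_data_file. That is a sound tightening, but the comment above it, `# Zygote should not be able to access app private data.`, no longer describes the scope, and any existing zygote allow on those extra dir types (not visible here) would now fail the build. Suggest `# Zygote may only getattr app data directories (any app_data_file_type member, for app data isolation); all other dir access is denied.`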
|
||||
|
|
|
@ -34,6 +34,10 @@ expandattribute data_file_type false;
|
|||
attribute core_data_file_type;
|
||||
expandattribute core_data_file_type false;
|
||||
|
||||
# All types used for app private data files under /data/data.
|
||||
attribute app_data_file_type;
|
||||
expandattribute app_data_file_type false;
|
||||
|
||||
# All types in /system
|
||||
attribute system_file_type;
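Review bot: The comment `# All types used for app private data files under /data/data.` describes what the members are but not what membership grants, and in this commit the attribute is the key for installd create/relabelfrom/relabelto, system_server read/write/map, zygote getattr, iorap_inode2filename search, and several neverallows. A maintainer adding the attribute to a new type needs that warning at the definition, not spread across six files. Suggest `# Every label usable as a seapp_contexts type= value. Tagging a type grants installd/system_server/zygote/iorap access to it and subjects it to the app-data neverallows; keep in sync with seapp_contexts.`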
|
||||
|
||||
|
|
|
@ -1216,6 +1216,7 @@ neverallow {
|
|||
-dumpstate
|
||||
-init
|
||||
-installd
|
||||
-iorap_inode2filename
|
||||
-simpleperf_app_runner
|
||||
-system_server # why?
|
||||
userdebug_or_eng(`-uncrypt')
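Review bot: The new exclusion `-iorap_inode2filename` sits in a neverallow whose subject, object and permissions start outside the hunk, so the reason it is needed is not recoverable from this file section; presumably it is the attribute-wide dir/file getattr granted to that domain elsewhere in this commit, but that should be stated. The neighbouring `-system_server # why?` shows what happens when such exclusions go unexplained. Suggest `-iorap_inode2filename # app_data_file_type getattr/search for inode-to-path lookup`, adjusted to whatever the actual justification is.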
|
||||
|
|
|
@ -299,7 +299,7 @@ type prereboot_data_file, file_type, data_file_type, core_data_file_type;
|
|||
# /data/resource-cache
|
||||
type resourcecache_data_file, file_type, data_file_type, core_data_file_type;
|
||||
# /data/local - writable by shell
|
||||
type shell_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
||||
type shell_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
|
||||
# /data/property
|
||||
type property_data_file, file_type, data_file_type, core_data_file_type;
|
||||
# /data/bootchart
|
||||
|
@ -369,7 +369,7 @@ type apex_rollback_data_file, file_type, data_file_type, core_data_file_type;
|
|||
type apex_wifi_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type audio_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type audioserver_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type bluetooth_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type bluetooth_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
|
||||
type bluetooth_logs_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type bootstat_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type boottrace_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
@ -384,9 +384,9 @@ type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrus
|
|||
type misc_user_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type net_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type nfc_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type nfc_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
|
||||
type nfc_logs_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
||||
type radio_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
|
||||
type recovery_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type shared_relro_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
||||
type snapshotctl_log_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
@ -407,11 +407,11 @@ type method_trace_data_file, file_type, data_file_type, core_data_file_type, mls
|
|||
type gsi_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
# /data/data subdirectories - app sandboxes
|
||||
type app_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type app_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
|
||||
# /data/data subdirectories - priv-app sandboxes
|
||||
type privapp_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type privapp_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
|
||||
# /data/data subdirectory for system UID apps.
|
||||
type system_app_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
||||
type system_app_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
|
||||
# Compatibility with type name used in Android 4.3 and 4.4.
|
||||
# Default type for anything under /cache
|
||||
type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
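Review bot: `type shell_data_file, ... app_data_file_type, mlstrustedobject;` is tagged as an app data type while the comment directly above it still reads `# /data/local - writable by shell`, which does not explain why it belongs in the attribute. If the reason is that the same label is assigned to the shell app's data directory through seapp_contexts, that should be stated, since otherwise a reader may conclude /data/local itself is now subject to the app-data rules. Suggest `# /data/local - writable by shell; also the seapp_contexts type= label for the shell app, hence app_data_file_type.` with the seapp_contexts claim confirmed against that file.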
|
||||
|
|
|
@ -111,27 +111,8 @@ allow installd system_data_file:notdevfile_class_set { getattr relabelfrom unlin
|
|||
# upon creation via setfilecon or running restorecon_recursive,
|
||||
# setting owner/mode, creating symlinks within them, and deleting them
|
||||
# upon package uninstall.
|
||||
|
||||
# Types extracted from seapp_contexts type= fields.
|
||||
allow installd {
|
||||
system_app_data_file
|
||||
bluetooth_data_file
|
||||
nfc_data_file
|
||||
radio_data_file
|
||||
shell_data_file
|
||||
app_data_file
|
||||
privapp_data_file
|
||||
}:dir { create_dir_perms relabelfrom relabelto };
|
||||
|
||||
allow installd {
|
||||
system_app_data_file
|
||||
bluetooth_data_file
|
||||
nfc_data_file
|
||||
radio_data_file
|
||||
shell_data_file
|
||||
app_data_file
|
||||
privapp_data_file
|
||||
}:notdevfile_class_set { create_file_perms relabelfrom relabelto };
|
||||
allow installd app_data_file_type:dir { create_dir_perms relabelfrom relabelto };
|
||||
allow installd app_data_file_type:notdevfile_class_set { create_file_perms relabelfrom relabelto };
|
||||
|
||||
# Allow zygote to unmount mirror directories
|
||||
allow installd labeledfs:filesystem unmount;
|
||||
|
|
|
@ -21,24 +21,18 @@ allow iorap_inode2filename apex_mnt_dir:dir { getattr open read search };
|
|||
allow iorap_inode2filename apex_mnt_dir:file { getattr };
|
||||
allow iorap_inode2filename apk_data_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename apk_data_file:file { getattr };
|
||||
allow iorap_inode2filename app_data_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename app_data_file:file { getattr };
|
||||
allow iorap_inode2filename app_data_file_type:dir { getattr open read search };
|
||||
allow iorap_inode2filename app_data_file_type:file { getattr };
|
||||
allow iorap_inode2filename backup_data_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename backup_data_file:file { getattr };
|
||||
allow iorap_inode2filename bluetooth_data_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename bluetooth_data_file:file { getattr };
|
||||
allow iorap_inode2filename bootchart_data_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename bootchart_data_file:file { getattr };
|
||||
allow iorap_inode2filename metadata_file:dir { getattr open read search search };
|
||||
allow iorap_inode2filename metadata_file:file { getattr };
|
||||
allow iorap_inode2filename packages_list_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename packages_list_file:file { getattr };
|
||||
allow iorap_inode2filename privapp_data_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename privapp_data_file:file { getattr };
|
||||
allow iorap_inode2filename property_data_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename property_data_file:file { getattr };
|
||||
allow iorap_inode2filename radio_data_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename radio_data_file:file { getattr };
|
||||
allow iorap_inode2filename resourcecache_data_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename resourcecache_data_file:file { getattr };
|
||||
allow iorap_inode2filename recovery_data_file:dir { getattr open read search };
|
||||
|
@ -51,8 +45,6 @@ allow iorap_inode2filename staging_data_file:dir { getattr open read search };
|
|||
allow iorap_inode2filename staging_data_file:file { getattr };
|
||||
allow iorap_inode2filename system_bootstrap_lib_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename system_bootstrap_lib_file:file { getattr };
|
||||
allow iorap_inode2filename system_app_data_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename system_app_data_file:file { getattr };
|
||||
allow iorap_inode2filename system_data_file:dir { getattr open read search };
|
||||
allow iorap_inode2filename system_data_file:file { getattr };
|
||||
allow iorap_inode2filename system_data_file:lnk_file { getattr open read };
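Review bot: `allow iorap_inode2filename app_data_file_type:dir { getattr open read search };` and its `:file { getattr }` companion grant more than the rules they replace: the removed lines covered app_data_file, bluetooth_data_file, privapp_data_file, radio_data_file and system_app_data_file, but the attribute also includes nfc_data_file and shell_data_file, so this domain gains directory listing on those two. That is probably the intent, but it is an expansion and deserves a line in the commit message or a comment such as `# all app data types, including nfc_data_file and shell_data_file that were previously not listed`. Unrelated nit in context: `metadata_file:dir { getattr open read search search }` repeats search.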
|
||||
|
|
|
@ -128,7 +128,7 @@ neverallow netd { domain }:process ptrace;
|
|||
neverallow netd system_file:dir_file_class_set write;
|
||||
|
||||
# Write to files in /data/data or system files on /data
|
||||
neverallow netd { app_data_file privapp_data_file system_data_file }:dir_file_class_set write;
|
||||
neverallow netd { app_data_file_type system_data_file }:dir_file_class_set write;
|
||||
|
||||
# only system_server, dumpstate and network stack app may find netd service
|
||||
neverallow {
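Review bot: `neverallow netd { app_data_file_type system_data_file }:dir_file_class_set write;` widens the old two-type restriction to all seven attribute members, including shell_data_file, radio_data_file and bluetooth_data_file. As a neverallow this is a tightening, and the only risk is a build failure if netd already has a write allow on one of the newly covered types, which I cannot rule out from this section. The comment `# Write to files in /data/data or system files on /data` still reads correctly for the broadened set.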
|
||||
|
|