Remove legacy execmod access.
am: 0f11ffccf9
Change-Id: I0f85ecb4a1dc6464becce64fb8539cd2f8e1a779
commit
a8898820d6
2 changed files with 5 additions and 24 deletions
|
@ -21,18 +21,15 @@
|
|||
### Note that rules that should apply to all untrusted apps must be in app.te or also
|
||||
### added to untrusted_v2_app.te and ephemeral_app.te.
|
||||
|
||||
# Legacy text relocations
|
||||
allow untrusted_app_all apk_data_file:file execmod;
|
||||
|
||||
# Some apps ship with shared libraries and binaries that they write out
|
||||
# to their sandbox directory and then execute.
|
||||
allow untrusted_app_all app_data_file:file { rx_file_perms execmod };
|
||||
allow untrusted_app_all app_data_file:file { rx_file_perms };
|
||||
|
||||
# ASEC
|
||||
allow untrusted_app_all asec_apk_file:file r_file_perms;
|
||||
allow untrusted_app_all asec_apk_file:dir r_dir_perms;
|
||||
# Execute libs in asec containers.
|
||||
allow untrusted_app_all asec_public_file:file { execute execmod };
|
||||
allow untrusted_app_all asec_public_file:file { execute };
|
||||
|
||||
# Used by Finsky / Android "Verify Apps" functionality when
|
||||
# running "adb install foo.apk".
|
||||
|
@ -151,10 +148,6 @@ userdebug_or_eng(`
|
|||
}:{ dir file lnk_file } { getattr open read };
|
||||
')
|
||||
|
||||
# Temporary auditing to get data on what apps use execmod.
|
||||
# TODO(b/111544476) Remove this and deny the permission if feasible.
|
||||
auditallow untrusted_app_all { apk_data_file app_data_file asec_public_file }:file execmod;
|
||||
|
||||
# Attempts to write to system_data_file is generally a sign
|
||||
# that apps are attempting to access encrypted storage before
|
||||
# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
|
||||
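Review bot: The second hunk drops the `auditallow ... execmod` rule and its TODO(b/111544476) along with the three `execmod` grants in the first hunk, but nothing records what the audit data showed or that the resulting denial is intentional. Because the grants are removed for the whole `untrusted_app_all` attribute, an app that still loads a library with text relocations will presumably be denied with an `avc: denied { execmod }` record, and a later maintainer may be tempted to restore the permission. A short comment above the `app_data_file` rule would prevent that, for example `# execmod is intentionally not granted: text relocations are unsafe and must not be re-allowed.` Both hunks appear to start and end mid-file, so rules outside the visible lines were not checked.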
|
|
|
@ -1113,26 +1113,14 @@ neverallow * { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file } mou
|
|||
# su itself execute su.
|
||||
neverallow { domain userdebug_or_eng(`-dumpstate -shell -su') } su_exec:file no_x_file_perms;
|
||||
|
||||
# Do not allow the introduction of new execmod rules. Text relocations
|
||||
# and modification of executable pages are unsafe.
|
||||
# The only exceptions are for NDK text relocations associated with
|
||||
# https://code.google.com/p/android/issues/detail?id=23203
|
||||
# which, long term, need to go away.
|
||||
neverallow * {
|
||||
file_type
|
||||
-apk_data_file
|
||||
-app_data_file
|
||||
-asec_public_file
|
||||
}:file execmod;
|
||||
|
||||
# Do not allow making the stack or heap executable.
|
||||
# We would also like to minimize execmem but it seems to be
|
||||
# required by some device-specific service domains.
|
||||
neverallow * self:process { execstack execheap };
|
||||
|
||||
# prohibit non-zygote spawned processes from using shared libraries
|
||||
# with text relocations. b/20013628 .
|
||||
neverallow { domain -untrusted_app_all } file_type:file execmod;
|
||||
# Do not allow the introduction of execmod rules. Text relocations
|
||||
# and modification of executable pages are unsafe.
|
||||
neverallow * file_type:file execmod;
|
||||
|
||||
neverallow { domain -init } proc:{ file dir } mounton;
|
||||
|
||||
|
|