Merge changes from topic "iso_compute"

* changes:
  Add isolated_compute_app domain
  Share isolated properties across islolated apps

private/app.te

@@ -5,7 +5,7 @@
 r_dir_file({
   appdomain
   -ephemeral_app
-  -isolated_app
+  -isolated_app_all
   -platform_app
   -priv_app
   -shell
@@ -18,7 +18,7 @@ userdebug_or_eng(`
   auditallow {
     appdomain
     -ephemeral_app
-    -isolated_app
+    -isolated_app_all
     -platform_app
     -priv_app
     -shell
@@ -149,53 +149,53 @@ binder_call(appdomain, sdk_sandbox)
 
 # Allow access to external storage; we have several visible mount points under /storage
 # and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } storage_file:dir r_dir_perms;
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } storage_file:lnk_file r_file_perms;
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } mnt_user_file:dir r_dir_perms;
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } mnt_user_file:lnk_file r_file_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } storage_file:dir r_dir_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } storage_file:lnk_file r_file_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } mnt_user_file:dir r_dir_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } mnt_user_file:lnk_file r_file_perms;
 
 # Read/write visible storage
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } { sdcard_type fuse }:dir create_dir_perms;
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } { sdcard_type fuse }:file create_file_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } { sdcard_type fuse }:dir create_dir_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } { sdcard_type fuse }:file create_file_perms;
 # This should be removed if sdcardfs is modified to alter the secontext for its
 # accesses to the underlying FS.
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } media_rw_data_file:dir create_dir_perms;
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } media_rw_data_file:file create_file_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } media_rw_data_file:dir create_dir_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } media_rw_data_file:file create_file_perms;
 
 # Allow apps to use the USB Accessory interface.
 # http://developer.android.com/guide/topics/connectivity/usb/accessory.html
 #
 # USB devices are first opened by the system server (USBDeviceManagerService)
 # and the file descriptor is passed to the right Activity via binder.
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } usb_device:chr_file { read write getattr ioctl };
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } usbaccessory_device:chr_file { read write getattr };
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } usb_device:chr_file { read write getattr ioctl };
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } usbaccessory_device:chr_file { read write getattr };
 
 #logd access
 control_logd({ appdomain -ephemeral_app -sdk_sandbox })
 
 # application inherit logd write socket (urge is to deprecate this long term)
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } keystore:keystore_key { get_state get insert delete exist list sign verify };
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } keystore:keystore2_key { delete use get_info rebind update };
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } keystore:keystore_key { get_state get insert delete exist list sign verify };
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } keystore:keystore2_key { delete use get_info rebind update };
 
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } keystore_maintenance_service:service_manager find;
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } keystore:keystore2 get_state;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } keystore_maintenance_service:service_manager find;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } keystore:keystore2 get_state;
 
-use_keystore({ appdomain -isolated_app -ephemeral_app -sdk_sandbox })
+use_keystore({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox })
 
-use_credstore({ appdomain -isolated_app -ephemeral_app -sdk_sandbox })
+use_credstore({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox })
 
 # For app fuse.
-pdx_client({ appdomain -isolated_app -ephemeral_app -sdk_sandbox }, display_client)
-pdx_client({ appdomain -isolated_app -ephemeral_app -sdk_sandbox }, display_manager)
-pdx_client({ appdomain -isolated_app -ephemeral_app -sdk_sandbox }, display_vsync)
-pdx_client({ appdomain -isolated_app -ephemeral_app -sdk_sandbox }, performance_client)
+pdx_client({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox }, display_client)
+pdx_client({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox }, display_manager)
+pdx_client({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox }, display_vsync)
+pdx_client({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox }, performance_client)
 # Apps do not directly open the IPC socket for bufferhubd.
-pdx_use({ appdomain -isolated_app -ephemeral_app -sdk_sandbox }, bufferhub_client)
+pdx_use({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox }, bufferhub_client)
 
 # Apps receive an open tun fd from the framework for
 # device traffic. Do not allow untrusted app to directly open tun_device
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } tun_device:chr_file { read write getattr append ioctl };
-allowxperm { appdomain -isolated_app -ephemeral_app -sdk_sandbox } tun_device:chr_file ioctl TUNGETIFF;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } tun_device:chr_file { read write getattr append ioctl };
+allowxperm { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } tun_device:chr_file ioctl TUNGETIFF;
 
 
 # WebView and other application-specific JIT compilers
@@ -221,8 +221,8 @@ allow appdomain dalvikcache_data_file:dir { search getattr };
 allow appdomain dalvikcache_data_file:file r_file_perms;
 
 # Read the /sdcard and /mnt/sdcard symlinks
-allow { appdomain -isolated_app -sdk_sandbox } rootfs:lnk_file r_file_perms;
-allow { appdomain -isolated_app -sdk_sandbox } tmpfs:lnk_file r_file_perms;
+allow { appdomain -isolated_app_all -sdk_sandbox } rootfs:lnk_file r_file_perms;
+allow { appdomain -isolated_app_all -sdk_sandbox } tmpfs:lnk_file r_file_perms;
 
 # Search /storage/emulated tmpfs mount.
 allow { appdomain -sdk_sandbox } tmpfs:dir r_dir_perms;
@@ -259,11 +259,11 @@ allow appdomain appdomain:fifo_file rw_file_perms;
 allow appdomain surfaceflinger:unix_stream_socket { read write setopt getattr getopt shutdown };
 
 # App sandbox file accesses.
-allow { appdomain -isolated_app -mlstrustedsubject -sdk_sandbox } { app_data_file privapp_data_file }:dir create_dir_perms;
-allow { appdomain -isolated_app -mlstrustedsubject -sdk_sandbox } { app_data_file privapp_data_file }:file create_file_perms;
+allow { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox } { app_data_file privapp_data_file }:dir create_dir_perms;
+allow { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox } { app_data_file privapp_data_file }:file create_file_perms;
 
 # Access via already open fds is ok even for mlstrustedsubject.
-allow { appdomain -isolated_app -sdk_sandbox } { app_data_file privapp_data_file system_app_data_file }:file { getattr map read write };
+allow { appdomain -isolated_app_all -sdk_sandbox } { app_data_file privapp_data_file system_app_data_file }:file { getattr map read write };
 
 # Traverse into expanded storage
 allow appdomain mnt_expand_file:dir r_dir_perms;
@@ -274,7 +274,7 @@ allow appdomain misc_user_data_file:dir r_dir_perms;
 allow appdomain misc_user_data_file:file r_file_perms;
 
 # TextClassifier
-r_dir_file({ appdomain -isolated_app }, textclassifier_data_file)
+r_dir_file({ appdomain -isolated_app_all }, textclassifier_data_file)
 
 # Access to OEM provided data and apps
 allow appdomain oemfs:dir r_dir_perms;
@@ -293,7 +293,7 @@ not_full_treble(`
 
 full_treble_only(`
     # For looking up Renderscript vendor drivers
-    allow { appdomain -isolated_app } vendor_file:dir { open read };
+    allow { appdomain -isolated_app_all } vendor_file:dir { open read };
 ')
 
 # Allow apps access to /vendor/overlay
@@ -368,9 +368,9 @@ userdebug_or_eng(`
 
 # Grant GPU access to all processes started by Zygote.
 # They need that to render the standard UI.
-allow { appdomain -isolated_app } gpu_device:chr_file rw_file_perms;
-allow { appdomain -isolated_app } gpu_device:dir r_dir_perms;
-allow { appdomain -isolated_app } sysfs_gpu:file r_file_perms;
+allow { appdomain -isolated_app_all } gpu_device:chr_file rw_file_perms;
+allow { appdomain -isolated_app_all } gpu_device:dir r_dir_perms;
+allow { appdomain -isolated_app_all } sysfs_gpu:file r_file_perms;
 
 
 # Use the Binder.
@@ -382,7 +382,7 @@ binder_call(appdomain, appdomain)
 # Perform binder IPC to ephemeral apps.
 binder_call(appdomain, ephemeral_app)
 # Perform binder IPC to gpuservice.
-binder_call({ appdomain -isolated_app }, gpuservice)
+binder_call({ appdomain -isolated_app_all }, gpuservice)
 
 # Talk with graphics composer fences
 allow appdomain hal_graphics_composer:fd use;
@@ -403,10 +403,10 @@ allow appdomain system_data_file:lnk_file r_file_perms;
 allow appdomain system_data_file:file { getattr read map };
 
 # Allow read/stat of /data/media files passed by Binder or local socket IPC.
-allow { appdomain -isolated_app -sdk_sandbox } media_rw_data_file:file { read getattr };
+allow { appdomain -isolated_app_all -sdk_sandbox } media_rw_data_file:file { read getattr };
 
 # Read and write /data/data/com.android.providers.telephony files passed over Binder.
-allow { appdomain -isolated_app } radio_data_file:file { read write getattr };
+allow { appdomain -isolated_app_all } radio_data_file:file { read write getattr };
 
 # For art.
 allow appdomain dalvikcache_data_file:file execute;
@@ -435,21 +435,21 @@ allow appdomain console_device:chr_file { read write };
 allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
 
-allow { appdomain -isolated_app } ion_device:chr_file r_file_perms;
-allow { appdomain -isolated_app } dmabuf_system_heap_device:chr_file r_file_perms;
-allow { appdomain -isolated_app } dmabuf_system_secure_heap_device:chr_file r_file_perms;
+allow { appdomain -isolated_app_all } ion_device:chr_file r_file_perms;
+allow { appdomain -isolated_app_all } dmabuf_system_heap_device:chr_file r_file_perms;
+allow { appdomain -isolated_app_all } dmabuf_system_secure_heap_device:chr_file r_file_perms;
 
 # Allow AAudio apps to use shared memory file descriptors from the HAL
-allow { appdomain -isolated_app } hal_audio:fd use;
+allow { appdomain -isolated_app_all } hal_audio:fd use;
 
 # Allow app to access shared memory created by camera HAL1
-allow { appdomain -isolated_app } hal_camera:fd use;
+allow { appdomain -isolated_app_all } hal_camera:fd use;
 
 # Allow apps to access shared memory file descriptor from the tuner HAL
-allow {appdomain -isolated_app} hal_tv_tuner_server:fd use;
+allow {appdomain -isolated_app_all} hal_tv_tuner_server:fd use;
 
 # RenderScript always-passthrough HAL
-allow { appdomain -isolated_app } hal_renderscript_hwservice:hwservice_manager find;
+allow { appdomain -isolated_app_all } hal_renderscript_hwservice:hwservice_manager find;
 allow appdomain same_process_hal_file:file { execute read open getattr map };
 
 # TODO: switch to meminfo service
@@ -491,7 +491,7 @@ allow appdomain zygote_tmpfs:file { map read };
 # from read-only locations.
 neverallow {
   bluetooth
-  isolated_app
+  isolated_app_all
   nfc
   radio
   shared_relro

private/app_neverallows.te

@@ -5,6 +5,8 @@
 define(`all_untrusted_apps',`{
   ephemeral_app
   isolated_app
+  isolated_app_all
+  isolated_compute_app
   mediaprovider
   mediaprovider_app
   untrusted_app

private/compat/33.0/33.0.ignore.cil

@@ -32,6 +32,7 @@
     hal_wifi_service
     healthconnect_service
     hypervisor_restricted_prop
+    isolated_compute_app
     keystore_config_prop
     ntfs
     permissive_mte_prop

private/domain.te

@@ -134,7 +134,7 @@ get_prop(domain, socket_hook_prop)
 get_prop(domain, surfaceflinger_prop)
 get_prop(domain, telephony_status_prop)
 get_prop(domain, timezone_prop)
-get_prop({domain -untrusted_app_all -isolated_app -ephemeral_app },  userdebug_or_eng_prop)
+get_prop({domain -untrusted_app_all -isolated_app_all -ephemeral_app },  userdebug_or_eng_prop)
 get_prop(domain, vendor_socket_hook_prop)
 get_prop(domain, vndk_prop)
 get_prop(domain, vold_status_prop)
@@ -728,7 +728,7 @@ neverallow {
                  # traced_probes.te.
 } system_app_data_file:dir_file_class_set { create unlink open };
 neverallow {
-  isolated_app
+  isolated_app_all
   ephemeral_app
   priv_app
   sdk_sandbox

private/isolated_app.te

@@ -1,36 +1,24 @@
 ###
-### Services with isolatedProcess=true in their manifest.
+### isolated_apps.
 ###
-### This file defines the rules for isolated apps. An "isolated
-### app" is an APP with UID between AID_ISOLATED_START (99000)
-### and AID_ISOLATED_END (99999).
+### This file defines the rules for isolated apps that does not wish to use
+### service managers and does not require extra computational resources.
 ###
 
 typeattribute isolated_app coredomain;
 
 app_domain(isolated_app)
+isolated_app_domain(isolated_app)
 
-# Access already open app data files received over Binder or local socket IPC.
-allow isolated_app { app_data_file privapp_data_file sdk_sandbox_data_file}:file { append read write getattr lock map };
+allow isolated_app webviewupdate_service:service_manager find;
 
 # Allow access to network sockets received over IPC. New socket creation is not
 # permitted.
 allow isolated_app { ephemeral_app priv_app untrusted_app_all }:{ tcp_socket udp_socket } { rw_socket_perms_no_ioctl };
 
-allow isolated_app activity_service:service_manager find;
-allow isolated_app display_service:service_manager find;
-allow isolated_app webviewupdate_service:service_manager find;
-
-# Google Breakpad (crash reporter for Chrome) relies on ptrace
-# functionality. Without the ability to ptrace, the crash reporter
-# tool is broken.
-# b/20150694
-# https://code.google.com/p/chromium/issues/detail?id=475270
-allow isolated_app self:process ptrace;
-
 # b/32896414: Allow accessing sdcard file descriptors passed to isolated_apps
 # by other processes. Open should never be allowed, and is blocked by
-# neverallow rules below.
+# neverallow rules in isolated_app_all attribute.
 # media_rw_data_file is included for sdcardfs, and can be removed if sdcardfs
 # is modified to change the secontext when accessing the lower filesystem.
 allow isolated_app { sdcard_type fuse media_rw_data_file }:file { read write append getattr lock map };
@@ -47,17 +35,6 @@ allow isolated_app webview_zygote:unix_dgram_socket write;
 # Read system properties managed by webview_zygote.
 allow isolated_app webview_zygote_tmpfs:file read;
 
-# Inherit FDs from the app_zygote.
-allow isolated_app app_zygote:fd use;
-# Notify app_zygote of child death.
-allow isolated_app app_zygote:process sigchld;
-# Inherit logd write socket.
-allow isolated_app app_zygote:unix_dgram_socket write;
-
-# TODO (b/63631799) fix this access
-# suppress denials to /data/local/tmp
-dontaudit isolated_app shell_data_file:dir search;
-
 # Write app-specific trace data to the Perfetto traced damon. This requires
 # connecting to its producer socket and obtaining a (per-process) tmpfs fd.
 perfetto_producer(isolated_app)
@@ -66,88 +43,3 @@ perfetto_producer(isolated_app)
 # debuggable.
 can_profile_heap(isolated_app)
 can_profile_perf(isolated_app)
-
-#####
-##### Neverallow
-#####
-
-# Isolated apps should not directly open app data files themselves.
-neverallow isolated_app { app_data_file privapp_data_file sdk_sandbox_data_file}:file open;
-
-# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
-# TODO: are there situations where isolated_apps write to this file?
-# TODO: should we tighten these restrictions further?
-neverallow isolated_app anr_data_file:file ~{ open append };
-neverallow isolated_app anr_data_file:dir ~search;
-
-# Isolated apps must not be permitted to use HwBinder
-neverallow isolated_app hwbinder_device:chr_file *;
-neverallow isolated_app *:hwservice_manager *;
-
-# Isolated apps must not be permitted to use VndBinder
-neverallow isolated_app vndbinder_device:chr_file *;
-
-# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services allowlisted below.
-neverallow isolated_app *:service_manager ~find;
-
-# b/17487348
-# Isolated apps can only access three services,
-# activity_service, display_service, webviewupdate_service.
-neverallow isolated_app {
-    service_manager_type
-    -activity_service
-    -display_service
-    -webviewupdate_service
-}:service_manager find;
-
-# Isolated apps shouldn't be able to access the driver directly.
-neverallow isolated_app gpu_device:chr_file { rw_file_perms execute };
-
-# Do not allow isolated_app access to /cache
-neverallow isolated_app cache_file:dir ~{ r_dir_perms };
-neverallow isolated_app cache_file:file ~{ read getattr };
-
-# Do not allow isolated_app to access external storage, except for files passed
-# via file descriptors (b/32896414).
-neverallow isolated_app { storage_file mnt_user_file sdcard_type fuse }:dir ~getattr;
-neverallow isolated_app { storage_file mnt_user_file }:file_class_set *;
-neverallow isolated_app { sdcard_type fuse }:{ devfile_class_set lnk_file sock_file fifo_file } *;
-neverallow isolated_app { sdcard_type fuse }:file ~{ read write append getattr lock map };
-
-# Do not allow USB access
-neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
-
-# Restrict the webview_zygote control socket.
-neverallow isolated_app webview_zygote:sock_file write;
-
-# Limit the /sys files which isolated_app can access. This is important
-# for controlling isolated_app attack surface.
-neverallow isolated_app {
-  sysfs_type
-  -sysfs_devices_system_cpu
-  -sysfs_transparent_hugepage
-  -sysfs_usb # TODO: check with audio team if needed for isolated_app (b/28417852)
-  -sysfs_fs_incfs_features
-}:file no_rw_file_perms;
-
-# No creation of sockets families other than AF_UNIX sockets.
-# List taken from system/sepolicy/public/global_macros - socket_class_set
-# excluding unix_stream_socket and unix_dgram_socket.
-# Many of these are socket families which have never and will never
-# be compiled into the Android kernel.
-neverallow isolated_app { self ephemeral_app priv_app sdk_sandbox untrusted_app_all }:{
-  socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket
-  key_socket appletalk_socket netlink_route_socket
-  netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket
-  netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket
-  netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
-  netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
-  netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket
-  netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket
-  netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket
-  rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
-  bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket
-  ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket
-  qipcrtr_socket smc_socket xdp_socket
-} create;

private/isolated_app_all.te

@@ -0,0 +1,120 @@
+###
+### isolated_app_all.
+###
+### Services with isolatedProcess=true in their manifest.
+###
+### This file defines the rules shared by all isolated apps. An "isolated
+### app" is an APP with UID between AID_ISOLATED_START (99000)
+### and AID_ISOLATED_END (99999).
+###
+
+# Access already open app data files received over Binder or local socket IPC.
+allow isolated_app_all { app_data_file privapp_data_file sdk_sandbox_data_file}:file { append read write getattr lock map };
+
+allow isolated_app_all activity_service:service_manager find;
+allow isolated_app_all display_service:service_manager find;
+
+# Google Breakpad (crash reporter for Chrome) relies on ptrace
+# functionality. Without the ability to ptrace, the crash reporter
+# tool is broken.
+# b/20150694
+# https://code.google.com/p/chromium/issues/detail?id=475270
+allow isolated_app_all self:process ptrace;
+
+# Inherit FDs from the app_zygote.
+allow isolated_app_all app_zygote:fd use;
+# Notify app_zygote of child death.
+allow isolated_app_all app_zygote:process sigchld;
+# Inherit logd write socket.
+allow isolated_app_all app_zygote:unix_dgram_socket write;
+
+# TODO (b/63631799) fix this access
+# suppress denials to /data/local/tmp
+dontaudit isolated_app_all shell_data_file:dir search;
+
+#####
+##### Neverallow
+#####
+
+# Isolated apps should not directly open app data files themselves.
+neverallow isolated_app_all { app_data_file privapp_data_file sdk_sandbox_data_file}:file open;
+
+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+# TODO: are there situations where isolated_apps write to this file?
+# TODO: should we tighten these restrictions further?
+neverallow isolated_app_all anr_data_file:file ~{ open append };
+neverallow isolated_app_all anr_data_file:dir ~search;
+
+# Isolated apps must not be permitted to use HwBinder
+neverallow { isolated_app_all -isolated_compute_app } hwbinder_device:chr_file *;
+neverallow { isolated_app_all -isolated_compute_app } *:hwservice_manager *;
+
+# Isolated apps must not be permitted to use VndBinder
+neverallow isolated_app_all vndbinder_device:chr_file *;
+
+# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
+# except the find actions for services allowlisted below.
+neverallow { isolated_app_all -isolated_compute_app } *:service_manager ~find;
+
+# b/17487348
+# Isolated apps can only access three services,
+# activity_service, display_service, webviewupdate_service.
+neverallow { isolated_app_all -isolated_compute_app } {
+    service_manager_type
+    -activity_service
+    -display_service
+    -webviewupdate_service
+}:service_manager find;
+
+# Isolated apps shouldn't be able to access the driver directly.
+neverallow isolated_app_all gpu_device:chr_file { rw_file_perms execute };
+
+# Do not allow isolated_apps access to /cache
+neverallow isolated_app_all cache_file:dir ~{ r_dir_perms };
+neverallow isolated_app_all cache_file:file ~{ read getattr };
+
+# Do not allow isolated_app_all to access external storage, except for files passed
+# via file descriptors (b/32896414).
+neverallow isolated_app_all { storage_file mnt_user_file sdcard_type fuse }:dir ~getattr;
+neverallow isolated_app_all { storage_file mnt_user_file }:file_class_set *;
+neverallow isolated_app_all { sdcard_type fuse }:{ devfile_class_set lnk_file sock_file fifo_file } *;
+neverallow isolated_app_all { sdcard_type fuse }:file ~{ read write append getattr lock map };
+
+# Do not allow USB access
+neverallow isolated_app_all { usb_device usbaccessory_device }:chr_file *;
+
+# Restrict the webview_zygote control socket.
+neverallow isolated_app_all webview_zygote:sock_file write;
+
+# Limit the /sys files which isolated_app_all can access. This is important
+# for controlling isolated_app_all attack surface.
+# TODO (b/266555480): The permission should be guarded by compliance test.
+# Remove the negation for member domains when refactorization is done.
+neverallow { isolated_app_all -isolated_compute_app } {
+  sysfs_type
+  -sysfs_devices_system_cpu
+  -sysfs_transparent_hugepage
+  -sysfs_usb # TODO: check with audio team if needed for isolated_apps (b/28417852)
+  -sysfs_fs_incfs_features
+}:file no_rw_file_perms;
+
+# No creation of sockets families other than AF_UNIX sockets.
+# List taken from system/sepolicy/public/global_macros - socket_class_set
+# excluding unix_stream_socket and unix_dgram_socket.
+# Many of these are socket families which have never and will never
+# be compiled into the Android kernel.
+neverallow isolated_app_all { self ephemeral_app priv_app sdk_sandbox untrusted_app_all }:{
+  socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket
+  key_socket appletalk_socket netlink_route_socket
+  netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket
+  netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket
+  netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
+  netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
+  netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket
+  netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket
+  netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket
+  rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+  bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket
+  ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket
+  qipcrtr_socket smc_socket xdp_socket
+} create;

private/isolated_compute_app.te

@@ -0,0 +1,52 @@
+###
+### isolated_compute_apps.
+###
+### This file defines the rules for isolated apps that requires the permission
+### to gather data with service manager and require computational resources to
+### improve the performance to process data under a sandbox. This
+### isolated_compute_app restricts data egress to protect the privacy.
+###
+### TODO(b/266923392): Clean rules for isolated_compute_app characteristics
+###
+type isolated_compute_app, domain;
+
+typeattribute isolated_compute_app coredomain;
+
+app_domain(isolated_compute_app)
+isolated_app_domain(isolated_compute_app)
+
+allow isolated_compute_app audioserver_service:service_manager find;
+allow isolated_compute_app cameraserver_service:service_manager find;
+allow isolated_compute_app content_capture_service:service_manager find;
+allow isolated_compute_app device_state_service:service_manager find;
+allow isolated_compute_app speech_recognition_service:service_manager find;
+
+# Enable access to hardware services for camera functionalilites
+hal_client_domain(isolated_compute_app, hal_allocator)
+hwbinder_use(isolated_compute_app)
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(isolated_compute_app)
+
+# Allow profiling if the main app has been marked as profileable or
+# debuggable.
+can_profile_heap(isolated_compute_app)
+can_profile_perf(isolated_compute_app)
+
+#####
+##### Neverallow
+#####
+
+# Do not allow isolated_compute_app to access hardware service except for the
+# ones necessary for camera service.
+# TODO (b/266555480): The permission should be guarded by compliance test.
+# Remove the negation for member domains when refactorization is done.
+# neverallow isolated_compute_app {
+# hwservice_manager_type
+#  -hal_graphics_allocator_hwservice
+#  -hal_graphics_mapper_hwservice
+#  -hidl_allocator_hwservice
+#  -hidl_manager_hwservice
+#  -hidl_memory_hwservice
+# }:hwservice_manager *;

private/technical_debt.cil

@@ -7,27 +7,27 @@
 
 ; Apps, except isolated apps, are clients of Allocator HAL
 ; Unfortunately, we can't currently express this in module policy language:
-;     typeattribute { appdomain -isolated_app } hal_allocator_client;
+;     typeattribute { appdomain -isolated_app_all } hal_allocator_client;
 ;     typeattribute hal_allocator_client halclientdomain;
-(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
+(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app_all))))))
 (typeattributeset halclientdomain (hal_allocator_client))
 
 ; Apps, except isolated apps, are clients of OMX-related services
 ; Unfortunately, we can't currently express this in module policy language:
-(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app))))))
+(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app_all))))))
 
 ; Apps, except isolated apps, are clients of Codec2-related services
 ; Unfortunately, we can't currently express this in module policy language:
-(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))
+(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app_all))))))
 
 ; Apps, except isolated apps and SDK sandboxes, are clients of Drm-related services
 ; Unfortunately, we can't currently express this in module policy language:
-(typeattributeset hal_drm_client ((and (appdomain) ((not (or (isolated_app) (sdk_sandbox)))))))
+(typeattributeset hal_drm_client ((and (appdomain) ((not (or (isolated_app_all) (sdk_sandbox)))))))
 
 ; Apps, except isolated apps, are clients of Configstore HAL
 ; Unfortunately, we can't currently express this in module policy language:
-;     typeattribute { appdomain -isolated_app } hal_configstore_client;
-(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app))))))
+;     typeattribute { appdomain -isolated_app_all } hal_configstore_client;
+(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app_all))))))
 
 ; Apps, except isolated apps, are clients of Graphics Allocator HAL
 ; Unfortunately, we can't currently express this in module policy language:
@@ -36,8 +36,8 @@
 
 ; Apps, except isolated apps, are clients of Cas HAL
 ; Unfortunately, we can't currently express this in module policy language:
-;     typeattribute { appdomain -isolated_app } hal_cas_client;
-(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app))))))
+;     typeattribute { appdomain -isolated_app_all } hal_cas_client;
+(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app_all))))))
 
 ; Domains hosting Camera HAL implementations are clients of Allocator HAL
 ; Unfortunately, we can't currently express this in module policy language:
@@ -46,8 +46,8 @@
 
 ; Apps, except isolated apps, are clients of Neuralnetworks HAL
 ; Unfortunately, we can't currently express this in module policy language:
-;     typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
-(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
+;     typeattribute { appdomain -isolated_app_all } hal_neuralnetworks_client;
+(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app_all))))))
 
 ; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
 ; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.

public/attributes

@@ -206,6 +206,9 @@ attribute appdomain;
 # All third party apps (except isolated_app and ephemeral_app)
 attribute untrusted_app_all;
 
+# All apps with UID between AID_ISOLATED_START (99000) and AID_ISOLATED_END (99999).
+attribute isolated_app_all;
+
 # All domains used for apps with network access.
 attribute netdomain;
 

public/te_macros

@@ -232,6 +232,13 @@ define(`untrusted_app_domain', `
 typeattribute $1 untrusted_app_all;
 ')
 
+#####################################
+# isolated_app_domain(domain)
+# Allow a base set of permissions required for all isolated apps.
+define(`isolated_app_domain', `
+typeattribute $1 isolated_app_all;
+')
+
 #####################################
 # net_domain(domain)
 # Allow a base set of permissions required for network access.