neverallow /data/anr access for isolated/untrusted apps

am: 369cf8c * commit '369cf8cde5f69e6d6b752e250edfba80289b9c83': neverallow /data/anr access for isolated/untrusted apps
2016-03-25 20:07:39 +00:00 · 2016-03-25 20:07:39 +00:00 · bf008b1cbe
commit bf008b1cbe
parent ad1ed6fe55 369cf8cde5
2 changed files with 10 additions and 0 deletions
--- a/isolated_app.te
+++ b/isolated_app.te
@ -40,6 +40,12 @@ neverallow isolated_app property_type:property_service set;
 # Isolated apps should not directly open app data files themselves.
 neverallow isolated_app app_data_file:file open;

+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+# TODO: are there situations where isolated_apps write to this file?
+# TODO: should we tighten these restrictions further?
+neverallow isolated_app anr_data_file:file ~{ open append };
+neverallow isolated_app anr_data_file:dir ~search;
+
 # b/17487348
 # Isolated apps can only access three services,
 # activity_service, display_service and webviewupdate_service.
--- a/untrusted_app.te
+++ b/untrusted_app.te
@ -183,3 +183,7 @@ neverallow untrusted_app {

 # Do not allow untrusted_app to directly open tun_device
 neverallow untrusted_app tun_device:chr_file open;
+
+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+neverallow untrusted_app anr_data_file:file ~{ open append };
+neverallow untrusted_app anr_data_file:dir ~search;