untrusted_app: allow access to /proc/tty/drivers

/proc/tty/drivers is read by applications to figure out if they are
running in an emulated environment. Specifically, they look for the
string "goldfish" within that file.

Arguably this is not an Android API, and really shouldn't be exposed to
applications, but:

1) A largish number of applications break if they can't read this file;
2) The information here isn't particularly sensitive

While we could spend a bunch of time trying to get applications fixed,
there are bigger fish to fry. It's not worth the battle.

Test: "ls -laZ /proc/tty/drivers" is labeled properly.
Bug: 33214085
Bug: 33814662
Bug: 33791054
Bug: 33211769
Bug: 26813932
Change-Id: Icc05bdc1c917547a6dca7d76636a1009369bde49
Nick Kralevich 2017-01-04 08:43:09 -08:00
parent 11c1b18f61
commit e427a2b2be
3 changed files with 8 additions and 0 deletions


@ -29,6 +29,7 @@ genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0 genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
genfscon proc /timer_list u:object_r:proc_timer:s0 genfscon proc /timer_list u:object_r:proc_timer:s0
genfscon proc /timer_stats u:object_r:proc_timer:s0 genfscon proc /timer_stats u:object_r:proc_timer:s0
genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0 genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0 genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0 genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
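Review bot: The new `genfscon proc /tty/drivers` entry moves this file onto its own label, so any domain other than untrusted_app that reads /proc/tty/drivers under its previous label will start getting denials unless it also gets a rule on proc_tty_drivers. The change totals 8 added lines and the only allow among them is for untrusted_app. Please confirm on a booted build that no other domain logs a denial for this file, or add the matching allow rules. The Test: line in the commit message checks only that the label is applied, not that an app can read the file or that nothing else regressed.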


@ -20,6 +20,7 @@ type proc_net, fs_type;
type proc_stat, fs_type; type proc_stat, fs_type;
type proc_sysrq, fs_type; type proc_sysrq, fs_type;
type proc_timer, fs_type; type proc_timer, fs_type;
type proc_tty_drivers, fs_type;
type proc_uid_cputime_showstat, fs_type; type proc_uid_cputime_showstat, fs_type;
type proc_uid_cputime_removeuid, fs_type; type proc_uid_cputime_removeuid, fs_type;
type proc_zoneinfo, fs_type; type proc_zoneinfo, fs_type;


@ -97,6 +97,12 @@ allow untrusted_app sysfs_hwrandom:file r_file_perms;
allow untrusted_app preloads_data_file:dir r_dir_perms; allow untrusted_app preloads_data_file:dir r_dir_perms;
allow untrusted_app preloads_data_file:file r_file_perms; allow untrusted_app preloads_data_file:file r_file_perms;
# Access to /proc/tty/drivers, to allow apps to determine if they
# are running in an emulated environment.
# b/33214085 b/33814662 b/33791054 b/33211769
# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
allow untrusted_app proc_tty_drivers:file r_file_perms;
### ###
### neverallow rules ### neverallow rules
### ###
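Review bot: The comment above `allow untrusted_app proc_tty_drivers:file r_file_perms;` says what apps use the file for but not that the rule is a compatibility concession, while the commit message says the file "really shouldn't be exposed to applications". Suggest recording that in the comment so the rule is easy to find and remove if it is revisited later. The GitHub link points at the master branch, so the referenced file can move or change; a commit-pinned link would be more durable. The comment also lists four bug numbers while the commit message lists five (b/26813932 is missing here); either add it or note why it is left out.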