Revert "untrusted_app_30: add new targetSdk domain"
Revert "Ignore SELinux denials for all untrusted_app domains" Revert "Update tests to check RTM_GETNEIGH{TBL} restrictions" Revert submission 1748045-getneigh-enable-restrictions Reason for revert: Breaks android.net.netlink.NetlinkSocketTest#testBasicWorkingGetNeighborsQuery with permissions error. Bug: 192406650 Reverted Changes: Iea29a1b36:Ignore SELinux denials for all untrusted_app domai... I14b755020:Update tests to check RTM_GETNEIGH{TBL} restrictio... I32ebb407b:untrusted_app_30: add new targetSdk domain I8598662b7:libsepol: trigger new RTM_GETNEIGH{TBL} behavior Change-Id: I525544191520607fdd238b5ac55aa5132f679253
parent
55badc22c1
commit
f6fc9377ad
11 changed files with 5 additions and 53 deletions
|
@ -395,7 +395,6 @@ inherits socket
|
|||
nlmsg_read
|
||||
nlmsg_write
|
||||
nlmsg_readpriv
|
||||
nlmsg_getneigh
|
||||
}
|
||||
|
||||
class netlink_tcpdiag_socket
|
||||
|
|
|
@ -11,7 +11,6 @@ define(`all_untrusted_apps',`{
|
|||
untrusted_app_25
|
||||
untrusted_app_27
|
||||
untrusted_app_29
|
||||
untrusted_app_30
|
||||
untrusted_app_all
|
||||
}')
|
||||
# Receive or send uevent messages.
|
||||
|
@ -120,15 +119,6 @@ neverallow all_untrusted_apps *:{
|
|||
# Disallow sending RTM_GETLINK messages on netlink sockets.
|
||||
neverallow all_untrusted_apps domain:netlink_route_socket { bind nlmsg_readpriv };
|
||||
|
||||
# Disallow sending RTM_GETNEIGH{TBL} messages on netlink sockets.
|
||||
neverallow {
|
||||
all_untrusted_apps
|
||||
-untrusted_app_25
|
||||
-untrusted_app_27
|
||||
-untrusted_app_29
|
||||
-untrusted_app_30
|
||||
} domain:netlink_route_socket nlmsg_getneigh;
|
||||
|
||||
# Do not allow untrusted apps access to /cache
|
||||
neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
|
||||
neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:file ~{ read getattr };
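Review bot: After the second hunk of this file (-120,15 +119,6) nothing in the untrusted-app neverallows constrains RTM_GETNEIGH{TBL} any more; the only netlink_route_socket assertion left is the RTM_GETLINK one on `nlmsg_readpriv`. Since the `nlmsg_getneigh` vector is dropped from the class as well, neighbour-table queries presumably fall back under `nlmsg_read`, which the netdomain rule later on this page grants without excluding `untrusted_app_all`, so the exposure tracked in b/171572148 would be open again for every targetSdk level. Because the revert is driven by a test failure (b/192406650) and not by a decision to abandon the restriction, I would leave a marker where the rule stood, e.g. `# TODO(b/192406650): re-land the RTM_GETNEIGH{TBL} neverallow once NetlinkSocketTest passes under the restriction.` The same marker fits beside the restored `{ bind nlmsg_readpriv }` allow in the netdomain section.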
|
||||
|
|
|
@ -9,5 +9,4 @@
|
|||
camera2_extensions_prop
|
||||
power_stats_service
|
||||
transformer_service
|
||||
untrusted_app_30
|
||||
))
|
||||
|
|
|
@ -168,8 +168,7 @@ user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=pri
|
|||
user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user
|
||||
user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user
|
||||
user=_app isPrivApp=true name=com.google.android.gsf domain=gmscore_app type=privapp_data_file levelFrom=user
|
||||
user=_app minTargetSdkVersion=32 domain=untrusted_app type=app_data_file levelFrom=all
|
||||
user=_app minTargetSdkVersion=30 domain=untrusted_app_30 type=app_data_file levelFrom=all
|
||||
user=_app minTargetSdkVersion=30 domain=untrusted_app type=app_data_file levelFrom=all
|
||||
user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all
|
||||
user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
|
||||
user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
### Untrusted apps.
|
||||
###
|
||||
### This file defines the rules for untrusted apps running with
|
||||
### targetSdkVersion >= 32.
|
||||
### targetSdkVersion >= 30.
|
||||
###
|
||||
### See public/untrusted_app.te for more information about which apps are
|
||||
### placed in this selinux domain.
|
||||
|
|
|
@ -48,6 +48,3 @@ auditallow untrusted_app_25 ashmem_device:chr_file open;
|
|||
|
||||
# Read /mnt/sdcard symlink.
|
||||
allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms;
|
||||
|
||||
# allow sending RTM_GETNEIGH{TBL} messages.
|
||||
allow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh;
|
||||
|
|
|
@ -36,6 +36,3 @@ auditallow untrusted_app_27 ashmem_device:chr_file open;
|
|||
|
||||
# Read /mnt/sdcard symlink.
|
||||
allow untrusted_app_27 mnt_sdcard_file:lnk_file r_file_perms;
|
||||
|
||||
# allow sending RTM_GETNEIGH{TBL} messages.
|
||||
allow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh;
|
||||
|
|
|
@ -14,6 +14,3 @@ app_domain(untrusted_app_29)
|
|||
untrusted_app_domain(untrusted_app_29)
|
||||
net_domain(untrusted_app_29)
|
||||
bluetooth_domain(untrusted_app_29)
|
||||
|
||||
# allow sending RTM_GETNEIGH{TBL} messages.
|
||||
allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh;
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
###
|
||||
### Untrusted apps.
|
||||
###
|
||||
### This file defines the rules for untrusted apps running with
|
||||
### 29 < targetSdkVersion <= 31.
|
||||
###
|
||||
### See public/untrusted_app.te for more information about which apps are
|
||||
### placed in this selinux domain.
|
||||
###
|
||||
### TODO(b/192334803): Merge this policy into untrusted_app_29 when possible
|
||||
###
|
||||
|
||||
typeattribute untrusted_app_30 coredomain;
|
||||
|
||||
app_domain(untrusted_app_30)
|
||||
untrusted_app_domain(untrusted_app_30)
|
||||
net_domain(untrusted_app_30)
|
||||
bluetooth_domain(untrusted_app_30)
|
||||
|
||||
# allow sending RTM_GETNEIGH{TBL} messages.
|
||||
allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh;
|
|
@ -20,16 +20,14 @@ allow {netdomain -ephemeral_app} port_type:tcp_socket name_bind;
|
|||
# See changes to the routing table.
|
||||
allow netdomain self:netlink_route_socket { create read getattr write setattr lock append connect getopt setopt shutdown nlmsg_read };
|
||||
# b/141455849 gate RTM_GETLINK with a new permission nlmsg_readpriv and block access from
|
||||
# untrusted_apps.
|
||||
# b/171572148 gate RTM_GETNEIGH{TBL} with a new permission nlmsg_getneigh and block access from
|
||||
# untrusted_apps. Some untrusted apps (e.g. untrusted_app_25-30) are granted access elsewhere
|
||||
# untrusted_apps. Some untrusted apps (e.g. untrusted_app_25-29) are granted access elsewhere
|
||||
# to avoid app-compat breakage.
|
||||
allow {
|
||||
netdomain
|
||||
-ephemeral_app
|
||||
-mediaprovider
|
||||
-untrusted_app_all
|
||||
} self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh };
|
||||
} self:netlink_route_socket { bind nlmsg_readpriv };
|
||||
|
||||
# Talks to netd via dnsproxyd socket.
|
||||
unix_socket_connect(netdomain, dnsproxyd, netd)
|
||||
|
|
|
@ -17,12 +17,9 @@
|
|||
###
|
||||
|
||||
# This file defines the rules for untrusted apps running with
|
||||
# targetSdkVersion >= 32.
|
||||
# targetSdkVersion >= 30.
|
||||
type untrusted_app, domain;
|
||||
# This file defines the rules for untrusted apps running with
|
||||
# 29 < targetSdkVersion <= 31.
|
||||
type untrusted_app_30, domain;
|
||||
# This file defines the rules for untrusted apps running with
|
||||
# targetSdkVersion = 29.
|
||||
type untrusted_app_29, domain;
|
||||
# This file defines the rules for untrusted apps running with
|
||||
|
|