Merge "Disallow new untrusted_app access to /proc/tty/drivers"

2018-09-07 16:15:57 +00:00 · 2018-09-07 16:15:57 +00:00 · f82c66f240
commit f82c66f240
parent fb947d0c36 ff511cb5db
1 changed files with 8 additions and 0 deletions
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@ -265,3 +265,11 @@ full_treble_only(`

 # Untrusted apps are not allowed to find mediaextractor update service.
 neverallow all_untrusted_apps mediaextractor_update_service:service_manager find;
+
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+# This will go away in a future Android release
+neverallow { all_untrusted_apps -untrusted_app_25 } proc_tty_drivers:file r_file_perms;
+neverallow all_untrusted_apps proc_tty_drivers:file ~r_file_perms;