dbcc459b90
compatible_property_only is meaningless to new types introduced after Android P because the macro is for types which should have different accessibilities depending on the device's launching API level. Bug: N/A Test: system/sepolicy/tools/build_policies.sh Change-Id: If6b1cf5e4203c74ee65f170bd18c3a354dca2fd4
47 lines
2.2 KiB
Text
47 lines
2.2 KiB
Text
# Allow apps to read the Test Harness Mode property. This property is used in
|
|
# the implementation of ActivityManager.isDeviceInTestHarnessMode()
|
|
get_prop(appdomain, test_harness_prop)
|
|
|
|
get_prop(appdomain, boot_status_prop)
|
|
get_prop(appdomain, dalvik_config_prop)
|
|
get_prop(appdomain, surfaceflinger_color_prop)
|
|
get_prop(appdomain, systemsound_config_prop)
|
|
get_prop(appdomain, userspace_reboot_config_prop)
|
|
get_prop(appdomain, vold_config_prop)
|
|
|
|
userdebug_or_eng(`perfetto_producer({ appdomain })')
|
|
|
|
# Prevent apps from causing presubmit failures.
|
|
# Apps can cause selinux denials by accessing CE storage
|
|
# and/or external storage. In either case, the selinux denial is
|
|
# not the cause of the failure, but just a symptom that
|
|
# storage isn't ready. Many apps handle the failure appropriately.
|
|
#
|
|
# Apps cannot access external storage before it becomes available.
|
|
dontaudit appdomain storage_stub_file:dir getattr;
|
|
# Attempts to write to system_data_file is generally a sign
|
|
# that apps are attempting to access encrypted storage before
|
|
# the ACTION_USER_UNLOCKED intent is delivered. Apps are not
|
|
# allowed to write to CE storage before it's available.
|
|
# Attempting to do so will be blocked by both selinux and unix
|
|
# permissions.
|
|
dontaudit appdomain system_data_file:dir write;
|
|
# Apps should not be reading vendor-defined properties.
|
|
dontaudit appdomain vendor_default_prop:file read;
|
|
|
|
neverallow appdomain system_server:udp_socket {
|
|
accept append bind create ioctl listen lock name_bind
|
|
relabelfrom relabelto setattr shutdown };
|
|
|
|
# Transition to a non-app domain.
|
|
# Exception for the shell and su domains, can transition to runas, etc.
|
|
# Exception for crash_dump to allow for app crash reporting.
|
|
# Exception for renderscript binaries (/system/bin/bcc, /system/bin/ld.mc)
|
|
# to allow renderscript to create privileged executable files.
|
|
neverallow { appdomain -shell userdebug_or_eng(`-su') }
|
|
{ domain -appdomain -crash_dump -rs }:process { transition };
|
|
neverallow { appdomain -shell userdebug_or_eng(`-su') }
|
|
{ domain -appdomain }:process { dyntransition };
|
|
|
|
# Don't allow regular apps access to storage configuration properties.
|
|
neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;
|