8bf8a262e5
We no longer allow apps with mlstrustedsubject access to app_data_file or privapp_data_file. For compatibility we grant access to all apps on vendor images for SDK <= 30, whether mlstrustedsubject or not. (The ones that are not already have access, but that is harmless.) Additionally we have started adding categories to system_data_file etc. We treat these older vendor apps as trusted for those types only. The result is that apps on older vendor images still have all the access they used to but no new access. We add a neverallow to prevent the compatibility attribute being abused. Test: builds Change-Id: I10a885b6a122292f1163961b4a3cf3ddcf6230ad
11 lines
987 B
Text
11 lines
987 B
Text
(typeattribute vendordomain)
|
|
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
|
|
(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
|
|
(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
|
|
(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
|
|
|
|
(typeattributeset mlsvendorcompat (and appdomain vendordomain))
|
|
(allow mlsvendorcompat app_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow mlsvendorcompat app_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|
|
(allow mlsvendorcompat privapp_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
|
|
(allow mlsvendorcompat privapp_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
|