ef1698a878
Currently, app process can freely execute path at
`/data/misc_ce/0/sdksandbox/<package-name>` since it's labeled as system
file. They can't read or write, but use 403/404
error to figure out if an app is installed or not.
By changing the selinux label of the parent directory:
`/data/misc_ce/0/sdksandbox`, we can restrict app process from executing
inside the directory and avoid the privacy leak.
Sandbox process should only have "search" permission on the new label so
that it can pass through it to its data directory located in
`/data/misc_ce/0/sdksandbox/<package-name>/<per-sdk-dir>`.
Bug: 214241165
Test: atest SdkSandboxStorageHostTest
Test: `adb shell cd /data/misc_ce/0/sdksandbox` gives error
Test: manual test to verify webview still works
Ignore-AOSP-First: Test is missing in AOSP. Will cherry-pick to AOSP
once merged here.
Change-Id: Id8771b322d4eb5532eaf719f203ca94035e2a8ed
53 lines
1.8 KiB
Text
53 lines
1.8 KiB
Text
typeattribute installd coredomain;
|
|
|
|
init_daemon_domain(installd)
|
|
|
|
# Run migrate_legacy_obb_data.sh in its own sandbox.
|
|
domain_auto_trans(installd, migrate_legacy_obb_data_exec, migrate_legacy_obb_data)
|
|
allow installd shell_exec:file rx_file_perms;
|
|
|
|
# Run dex2oat in its own sandbox.
|
|
domain_auto_trans(installd, dex2oat_exec, dex2oat)
|
|
|
|
# Run dexoptanalyzer in its own sandbox.
|
|
domain_auto_trans(installd, dexoptanalyzer_exec, dexoptanalyzer)
|
|
|
|
# Run viewcompiler in its own sandbox.
|
|
domain_auto_trans(installd, viewcompiler_exec, viewcompiler)
|
|
|
|
# Run profman in its own sandbox.
|
|
domain_auto_trans(installd, profman_exec, profman)
|
|
|
|
# Run idmap in its own sandbox.
|
|
domain_auto_trans(installd, idmap_exec, idmap)
|
|
|
|
# For collecting bugreports.
|
|
allow installd dumpstate:fd use;
|
|
allow installd dumpstate:fifo_file r_file_perms;
|
|
|
|
# Delete /system/bin/bcc generated artifacts
|
|
allow installd app_exec_data_file:file unlink;
|
|
|
|
# Capture userdata snapshots to /data/misc_[ce|de]/rollback and
|
|
# subsequently restore them.
|
|
allow installd rollback_data_file:dir create_dir_perms;
|
|
allow installd rollback_data_file:file create_file_perms;
|
|
|
|
# Allow installd to access the runtime feature flag properties.
|
|
get_prop(installd, device_config_runtime_native_prop)
|
|
get_prop(installd, device_config_runtime_native_boot_prop)
|
|
|
|
# Allow installd to access apk verity feature flag (for legacy case).
|
|
get_prop(installd, apk_verity_prop)
|
|
|
|
# Allow installd to access odsign verification status
|
|
get_prop(installd, odsign_prop)
|
|
|
|
# Allow installd to delete files in /data/staging
|
|
allow installd staging_data_file:file unlink;
|
|
allow installd staging_data_file:dir { open read remove_name rmdir search write };
|
|
|
|
allow installd { dex2oat dexoptanalyzer }:process { sigkill signal };
|
|
|
|
# Allow installd manage dirs in /data/misc_ce/0/sdksandbox
|
|
allow installd sdk_sandbox_system_data_file:dir { create_dir_perms relabelfrom };
|