platform_system_sepolicy/prebuilts/api/34.0/public
Jeff Vander Stoep f9a774f1ae Disallow watch and watch_reads on apk_data_file for apps
This can be used as a side channel to observe when an application
is launched.

Gate this restriction on the application's targetSdkVersion to
avoid breaking existing apps. Only apps targeting 34 and above will
see the new restriction.

Remove duplicate permissions from public/shell.te. Shell is
already appdomain, so these permissions are already granted to it.

Ignore-AOSP-First: Security fix
Bug: 231587164
Test: boot device, install/uninstall apps. Observe no new denials.
Test: Run researcher provided PoC. Observe audit messages.
Change-Id: Ic7577884e9d994618a38286a42a8047516548782
2023-04-25 15:20:45 +02:00
adbd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
aidl_lazy_test_server.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
apexd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
app.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
app_zygote.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
artd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
asan_extract.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
atrace.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
attributes UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
audioserver.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
blkid.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
blkid_untrusted.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
bluetooth.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
bootanim.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
bootstat.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
bpfloader.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
bufferhubd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
camera_service_server.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
cameraserver.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
charger.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
charger_type.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
charger_vendor.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
crash_dump.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
credstore.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
device.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
dhcp.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
display_service_server.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
dnsmasq.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
domain.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
drmserver.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
dumpstate.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
e2fs.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
ephemeral_app.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
evsmanagerd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
extra_free_kbytes.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
fastbootd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
file.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
fingerprintd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
flags_health_check.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
fsck.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
fsck_untrusted.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
gatekeeperd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
global_macros UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
gmscore_app.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
gpuservice.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_allocator.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_atrace.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_audio.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_audiocontrol.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_authsecret.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_bluetooth.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_bootctl.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_broadcastradio.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_camera.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_can.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_cas.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_codec2.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_configstore.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_confirmationui.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_contexthub.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_drm.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_dumpstate.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_evs.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_face.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_fastboot.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_fingerprint.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_gatekeeper.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_gnss.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_graphics_allocator.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_graphics_composer.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_health.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_health_storage.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_identity.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_input_classifier.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_input_processor.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_ir.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_ivn.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_keymaster.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_keymint.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_light.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_lowpan.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_memtrack.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_neuralnetworks.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_neverallows.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_nfc.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_nlinterceptor.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_oemlock.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_omx.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_power.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_power_stats.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_rebootescrow.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_remoteaccess.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_secure_element.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_sensors.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_telephony.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_tetheroffload.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_thermal.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_tv_cec.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_tv_hdmi_cec.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_tv_hdmi_connection.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_tv_hdmi_earc.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_tv_input.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_tv_tuner.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_usb.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_usb_gadget.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_uwb.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_vehicle.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_vibrator.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_vr.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_weaver.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_wifi.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_wifi_hostapd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hal_wifi_supplicant.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
healthd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
heapprofd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hwservice.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
hwservicemanager.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
idmap.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
incident.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
incident_helper.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
incidentd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
init.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
inputflinger.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
installd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
ioctl_defines UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
ioctl_macros UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
isolated_app.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
isolated_compute_app.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
kernel.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
keystore.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
keystore_keys.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
llkd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
lmkd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
logd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
logpersist.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
mdnsd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
mediadrmserver.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
mediaextractor.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
mediametrics.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
mediaprovider.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
mediaserver.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
mediaswcodec.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
mediatranscoding.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
modprobe.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
mtp.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
net.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
netd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
netutils_wrapper.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
network_stack.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
neverallow_macros UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
nfc.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
otapreopt_chroot.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
perfetto.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
performanced.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
platform_app.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
postinstall.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
ppp.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
priv_app.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
prng_seeder.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
profman.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
property.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
racoon.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
radio.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
recovery.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
recovery_persist.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
recovery_refresh.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
remote_provisioning_service_server.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
rkpd_app.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
roles UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
rootdisk_sysdev.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
rs.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
rss_hwm_reset.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
runas.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
runas_app.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
scheduler_service_server.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
sdcardd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
secure_element.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
sensor_service_server.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
service.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
servicemanager.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
sgdisk.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
shared_relro.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
shell.te Disallow watch and watch_reads on apk_data_file for apps 2023-04-25 15:20:45 +02:00
simpleperf.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
simpleperf_app_runner.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
slideshow.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
stats_service_server.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
statsd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
su.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
surfaceflinger.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
system_app.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
system_server.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
system_suspend_internal_server.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
system_suspend_server.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
te_macros UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
tee.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
tombstoned.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
toolbox.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
traced.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
traced_perf.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
traced_probes.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
traceur_app.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
ueventd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
uncrypt.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
untrusted_app.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
update_engine.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
update_engine_common.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
update_verifier.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
usbd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
userdata_sysdev.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
vdc.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
vendor_init.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
vendor_misc_writer.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
vendor_modprobe.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
vendor_shell.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
vendor_toolbox.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
virtual_touchpad.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
vndservice.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
vndservicemanager.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
vold.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
vold_prepare_subdirs.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
watchdogd.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
webview_zygote.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
wificond.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00
zygote.te UpsideDownCake/34 is now REL 2023-04-21 19:36:02 +00:00