platform_system_sepolicy/private/compat/29.0/29.0.compat.cil
Alan Stokes 8bf8a262e5 Exempt older vendor images from recent mls changes.
We no longer allow apps with mlstrustedsubject access to app_data_file
or privapp_data_file. For compatibility we grant access to all apps on
vendor images for SDK <= 30, whether mlstrustedsubject or not. (The
ones that are not already have access, but that is harmless.)

Additionally we have started adding categories to system_data_file
etc. We treat these older vendor apps as trusted for those types only.

The result is that apps on older vendor images still have all the
access they used to but no new access.

We add a neverallow to prevent the compatibility attribute being
abused.

Test: builds
Change-Id: I10a885b6a122292f1163961b4a3cf3ddcf6230ad
2020-11-17 17:30:10 +00:00

9 lines
846 B
Text

(typeattribute vendordomain)
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
(typeattributeset mlsvendorcompat (and appdomain vendordomain))
(allow mlsvendorcompat app_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
(allow mlsvendorcompat app_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
(allow mlsvendorcompat privapp_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
(allow mlsvendorcompat privapp_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))