platform_system_sepolicy/public/simpleperf_app_runner.te
Florian Mayer 4ab64c940f Relabel /data/system/packages.list to new type.
Conservatively grant access to packages_list_file to everything that had
access to system_data_file:file even if the comment in the SELinux
policy suggests it was for another use.

Ran a diff on the resulting SEPolicy, the only difference of domains
being granted is those that had system_data_file:dir permissiosn which
is clearly not applicable for packages.list

diff -u0 <(sesearch --allow -t system_data_file ~/sepolicy | sed 's/system_data_file/packages_list_file/') <(sesearch --allow -t packages_list_file ~/sepolicy_new)
--- /proc/self/fd/16	2019-03-19 20:01:44.378409146 +0000
+++ /proc/self/fd/18	2019-03-19 20:01:44.378409146 +0000
@@ -3 +2,0 @@
-allow appdomain packages_list_file:dir getattr;
@@ -6 +4,0 @@
-allow coredomain packages_list_file:dir getattr;
@@ -8 +5,0 @@
-allow domain packages_list_file:dir search;
@@ -35 +31,0 @@
-allow system_server packages_list_file:dir { rename search setattr read lock create reparent getattr write relabelfrom ioctl rmdir remove_name open add_name };
@@ -40 +35,0 @@
-allow tee packages_list_file:dir { search read lock getattr ioctl open };
@@ -43,3 +37,0 @@
-allow traced_probes packages_list_file:dir { read getattr open search };
-allow vendor_init packages_list_file:dir { search setattr read create getattr write relabelfrom ioctl rmdir remove_name open add_name };
-allow vold packages_list_file:dir { search setattr read lock create getattr mounton write ioctl rmdir remove_name open add_name };
@@ -48 +39,0 @@
-allow vold_prepare_subdirs packages_list_file:dir { read write relabelfrom rmdir remove_name open add_name };
@@ -50 +40,0 @@
-allow zygote packages_list_file:dir { search read lock getattr ioctl open };

Bug: 123186697

Change-Id: Ieabf313653deb5314872b63cd47dadd535af7b07
2019-03-28 10:27:43 +00:00

43 lines
1.8 KiB
Text

type simpleperf_app_runner, domain, mlstrustedsubject;
type simpleperf_app_runner_exec, system_file_type, exec_type, file_type;
# run simpleperf_app_runner in adb shell.
allow simpleperf_app_runner adbd:fd use;
allow simpleperf_app_runner shell:fd use;
allow simpleperf_app_runner devpts:chr_file { read write ioctl };
# simpleperf_app_runner reads package information.
allow simpleperf_app_runner system_data_file:file r_file_perms;
allow simpleperf_app_runner system_data_file:lnk_file getattr;
allow simpleperf_app_runner packages_list_file:file r_file_perms;
# The app's data dir may be accessed through a symlink.
allow simpleperf_app_runner system_data_file:lnk_file read;
# simpleperf_app_runner switches to the app UID/GID.
allow simpleperf_app_runner self:global_capability_class_set { setuid setgid };
# simpleperf_app_runner switches to the app security context.
selinux_check_context(simpleperf_app_runner) # validate context
allow simpleperf_app_runner self:process setcurrent;
allow simpleperf_app_runner untrusted_app_all:process dyntransition; # setcon
# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
# determine which domain to transition to.
allow simpleperf_app_runner seapp_contexts_file:file r_file_perms;
# simpleperf_app_runner passes pipe fds.
allow simpleperf_app_runner shell:fifo_file read;
# simpleperf_app_runner checks shell data paths.
# simpleperf_app_runner passes shell data fds.
allow simpleperf_app_runner shell_data_file:dir { getattr search };
allow simpleperf_app_runner shell_data_file:file { getattr write };
###
### neverallow rules
###
# simpleperf_app_runner cannot have capabilities other than CAP_SETUID and CAP_SETGID
neverallow simpleperf_app_runner self:global_capability_class_set ~{ setuid setgid };
neverallow simpleperf_app_runner self:global_capability2_class_set *;