platform_system_sepolicy/isolated_app.te
dcashman 4b4b2b9293 Remove service_manager_local_audit_domain.
service_manager_local_audit_domain was used to fine tune the service_manager
auditallow rules when introducing the service_manager SELinux rules.  This is no
longer needed.

(cherry-pick of commit: eab26faa60)

Bug: 21656807
Change-Id: Ia042a887e7bf9eb2a2b08b8d831e68dfe6395f75
2015-06-08 11:38:31 -07:00

41 lines
1.2 KiB
Text

###
### Services with isolatedProcess=true in their manifest.
###
### This file defines the rules for isolated apps. An "isolated
### app" is an APP with UID between AID_ISOLATED_START (99000)
### and AID_ISOLATED_END (99999).
###
### isolated_app includes all the appdomain rules, plus the
### additional following rules:
###
type isolated_app, domain;
app_domain(isolated_app)
# Access already open app data files received over Binder or local socket IPC.
allow isolated_app app_data_file:file { read write getattr lock };
allow isolated_app activity_service:service_manager find;
allow isolated_app display_service:service_manager find;
# only allow unprivileged socket ioctl commands
allow isolated_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
#####
##### Neverallow
#####
# Isolated apps should not directly open app data files themselves.
neverallow isolated_app app_data_file:file open;
# b/17487348
# Isolated apps can only access two services,
# activity_service and display_service
neverallow isolated_app {
service_manager_type
-activity_service
-display_service
}:service_manager find;
# Isolated apps shouldn't be able to access the driver directly.
neverallow isolated_app gpu_device:chr_file { rw_file_perms execute };