cfe1baea25
By convention, auditallow statements are always placed in userdebug_or_eng() blocks. This ensures that we don't inadvertently ship audit rules on production devices, which could result in device logspam, and in pathological situations, impact device performance (generating audit messages is much more expensive than a standard SELinux check). Bug: 117606664 Test: policy compiles. Change-Id: I681ed73c83683e8fdbef9cf662488115f6e7a490
37 lines
1.6 KiB
Text
37 lines
1.6 KiB
Text
###
|
|
### Untrusted_27.
|
|
###
|
|
### This file defines the rules for untrusted apps running with
|
|
### 25 < targetSdkVersion <= 28.
|
|
###
|
|
### This file defines the rules for untrusted apps.
|
|
### Apps are labeled based on mac_permissions.xml (maps signer and
|
|
### optionally package name to seinfo value) and seapp_contexts (maps UID
|
|
### and optionally seinfo value to domain for process and type for data
|
|
### directory). The untrusted_app_27 domain is the default assignment in
|
|
### seapp_contexts for any app with UID between APP_AID (10000)
|
|
### and AID_ISOLATED_START (99000) if the app has no specific seinfo
|
|
### value as determined from mac_permissions.xml. In current AOSP, this
|
|
### domain is assigned to all non-system apps as well as to any system apps
|
|
### that are not signed by the platform key. To move
|
|
### a system app into a specific domain, add a signer entry for it to
|
|
### mac_permissions.xml and assign it one of the pre-existing seinfo values
|
|
### or define and use a new seinfo value in both mac_permissions.xml and
|
|
### seapp_contexts.
|
|
###
|
|
|
|
typeattribute untrusted_app_27 coredomain;
|
|
|
|
app_domain(untrusted_app_27)
|
|
untrusted_app_domain(untrusted_app_27)
|
|
net_domain(untrusted_app_27)
|
|
bluetooth_domain(untrusted_app_27)
|
|
|
|
# The ability to call exec() on files in the apps home directories
|
|
# for targetApi 26, 27, and 28.
|
|
allow untrusted_app_27 app_data_file:file execute_no_trans;
|
|
|
|
# The ability to invoke dex2oat. Historically required by ART, now only
|
|
# allowed for targetApi<=28 for compat reasons.
|
|
allow untrusted_app_27 dex2oat_exec:file rx_file_perms;
|
|
userdebug_or_eng(`auditallow untrusted_app_27 dex2oat_exec:file rx_file_perms;')
|