tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/seapp_contexts
Stephen Smalley b9760aa0d5 Only enforce per-app process and file isolation via SELinux for third party apps, not platform apps. 
Platform (any of the apps signed by build keys, i.e. platform|release|shared|media) apps expect to be able to share files with each other or with third party apps by passing open files or pathnames over Binder.  Therefore, we switch to only enforcing the per-app process and file isolation via SELinux on third party apps, not platform apps.

Make the platform app domains mlstrustedsubjects so that they can access any files created by third party apps.
Introduce a new platform_app_data_file type for platform apps so that we can mark it as a mlstrustedobject and allow third party apps to read/write files created by the platform apps.
Specify this new type for the platform app entries in seapp_contexts.
Remove levelFromUid=true for the platform apps in seapp_contexts since we are no longer enforcing per-app separation among them.
2012-07-27 11:07:09 -04:00

40 lines
1.8 KiB
Text
Raw Blame History

# Input selectors:
# isSystemServer (boolean)
# user (string)
# seinfo (string)
# name (string)
# isSystemServer=true can only be used once.
# An unspecified boolean defaults to false.
# An unspecified string selector will match any value.
# A user string selector that ends in * will perform a prefix match.
# seinfo= is only used when looking up app process security contexts.
# All specified input selectors in an entry must match (i.e. logical AND).
# Matching is case-insensitive.
# Precedence rules:
# (1) isSystemServer=true before isSystemServer=false.
# (2) Specified user= string before unspecified user= string.
# (3) Fixed user= string before user= prefix (i.e. ending in *).
# (4) Longer user= prefix before shorter user= prefix.
# (5) Specified seinfo= string before unspecified seinfo= string.
# (6) Specified name= string before unspecified name= string.
#
# Outputs:
# domain (string)
# type (string)
# levelFromUid (boolean)
# level (string)
# Only entries that specify domain= will be used for app process labeling.
# Only entries that specify type= will be used for app directory labeling.
# levelfromUid is only supported for app UIDs presently.
# level may be used to specify a fixed level for any UID.
#
isSystemServer=true domain=system
user=system domain=system_app type=system_data_file
user=nfc domain=nfc type=nfc_data_file
user=radio domain=radio type=radio_data_file
user=app_* domain=untrusted_app type=app_data_file levelFromUid=true
user=app_* seinfo=platform domain=platform_app type=platform_app_data_file
user=app_* seinfo=shared domain=shared_app type=platform_app_data_file
user=app_* seinfo=media domain=media_app type=platform_app_data_file
user=app_* seinfo=release domain=release_app type=platform_app_data_file
user=app_* seinfo=release name=com.android.browser domain=browser_app type=platform_app_data_file
Reference in a new issue View git blame Copy permalink