f3eb985447
Text relocation support was removed from the linker for apps targeting
API >= 23. See
https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23

However, the security policy was not updated to remove the execmod
permission at that time, since we didn't have support for targeting
SELinux policies to API versions.

Remove execmod permissions for apps targeting API 26 or greater. The
linker support was removed, so it's pointless to keep around the SELinux
permissions.

Retain execmod support for apps targeting API 25 or lower. While in theory
we could remove support for API 23-25, that would involve the introduction
of a new SELinux domain (and the associated rule explosion), which I would
prefer to avoid.

This change helps protect application executable code from modification,
enforcing W^X properties on executable code pages loaded from files.
https://en.wikipedia.org/wiki/W%5EX

Test: auditallow rules were added and nothing triggered for apps
targeting API >= 26. Code compiles and device boots.

Bug: 111544476
Change-Id: Iab9a0bd297411e99699e3651c110e57eb02a3a41
52 lines
2.3 KiB
Text
###
### Untrusted_app_25
###
### This file defines the rules for untrusted apps running with
### targetSdkVersion <= 25.
###
### Apps are labeled based on mac_permissions.xml (maps signer and
### optionally package name to seinfo value) and seapp_contexts (maps UID
### and optionally seinfo value to domain for process and type for data
### directory). The untrusted_app domain is the default assignment in
### seapp_contexts for any app with UID between APP_AID (10000)
### and AID_ISOLATED_START (99000) if the app has no specific seinfo
### value as determined from mac_permissions.xml. In current AOSP, this
### domain is assigned to all non-system apps as well as to any system apps
### that are not signed by the platform key. To move
### a system app into a specific domain, add a signer entry for it to
### mac_permissions.xml and assign it one of the pre-existing seinfo values
### or define and use a new seinfo value in both mac_permissions.xml and
### seapp_contexts.
###

typeattribute untrusted_app_25 coredomain;

app_domain(untrusted_app_25)
untrusted_app_domain(untrusted_app_25)
net_domain(untrusted_app_25)
bluetooth_domain(untrusted_app_25)

# b/34115651 - net.dns* properties read
# This will go away in a future Android release
get_prop(untrusted_app_25, net_dns_prop)

# b/35917228 - /proc/misc access
# This will go away in a future Android release
allow untrusted_app_25 proc_misc:file r_file_perms;

# Access to /proc/tty/drivers, to allow apps to determine if they
# are running in an emulated environment.
# b/33214085 b/33814662 b/33791054 b/33211769
# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
# This will go away in a future Android release
allow untrusted_app_25 proc_tty_drivers:file r_file_perms;

# qtaguid access. This is not a public API. Access will be removed in a
# future version of Android.
allow untrusted_app_25 proc_qtaguid_ctrl:file rw_file_perms;
r_dir_file(untrusted_app_25, proc_qtaguid_stat)
allow untrusted_app_25 qtaguid_device:chr_file r_file_perms;

# Text relocation support for API < 23
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
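As an added check that is not part of this commit or the AOSP tree: a small Python script that reports whether an ELF shared library carries text relocations (a DT_TEXTREL entry, or DF_TEXTREL in DT_FLAGS), which is what needs the execmod permission the policy above retains only for apps targeting API <= 25. The build_sample_elf64 helper constructs a minimal ELF image as test input and is not a real library.

```python
import struct

PT_DYNAMIC = 2
DT_NULL, DT_TEXTREL, DT_FLAGS = 0, 16, 30
DF_TEXTREL = 0x4

def has_text_relocations(data: bytes) -> bool:
    """True if an ELF32/ELF64 image carries text relocations, i.e. a
    DT_TEXTREL entry or DF_TEXTREL in DT_FLAGS in its PT_DYNAMIC segment."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                       # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little endian
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    dyn_fmt = end + ("qQ" if is64 else "iI")  # one dynamic entry: d_tag, d_val
    dyn_size = struct.calcsize(dyn_fmt)
    for i in range(phnum):
        off = phoff + i * phentsize
        if is64:  # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz
            p_type, _, p_off, _, _, p_filesz = struct.unpack_from(end + "IIQQQQ", data, off)
        else:     # p_type, p_offset, p_vaddr, p_paddr, p_filesz
            p_type, p_off, _, _, p_filesz = struct.unpack_from(end + "IIIII", data, off)
        if p_type != PT_DYNAMIC:
            continue
        for pos in range(p_off, p_off + p_filesz, dyn_size):
            d_tag, d_val = struct.unpack_from(dyn_fmt, data, pos)
            if d_tag == DT_NULL:
                break
            if d_tag == DT_TEXTREL or (d_tag == DT_FLAGS and d_val & DF_TEXTREL):
                return True
    return False

def build_sample_elf64(dyn_entries):
    """Constructed test input (not a real library): a minimal little-endian
    AArch64 ELF64 shared object whose only segment is PT_DYNAMIC."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in [*dyn_entries, (DT_NULL, 0)])
    phoff, phentsize = 64, 56                 # one program header right after the ELF header
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 0xB7, 1, 0, phoff, 0, 0,
                               64, phentsize, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, phoff + phentsize, 0, 0,
                       len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn
```

Run has_text_relocations over the bytes of a real .so from an APK to see whether it would have needed execmod; a True result on a library shipped for API >= 26 means the linker will refuse to load it.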