f9a774f1ae
This can be used as a side channel to observe when an application is launched. Gate this restriction on the application's targetSdkVersion to avoid breaking existing apps. Only apps targeting 34 and above will see the new restriction. Remove duplicate permissions from public/shell.te. Shell is already appdomain, so these permissions are already granted to it. Ignore-AOSP-First: Security fix Bug: 231587164 Test: boot device, install/uninstall apps. Observe no new denials. Test: Run researcher provided PoC. Observe audit messages. Change-Id: Ic7577884e9d994618a38286a42a8047516548782
36 lines
1.2 KiB
Text
36 lines
1.2 KiB
Text
###
|
|
### Untrusted_29.
|
|
###
|
|
### This file defines the rules for untrusted apps running with
|
|
### targetSdkVersion = 29.
|
|
###
|
|
### See public/untrusted_app.te for more information about which apps are
|
|
### placed in this selinux domain.
|
|
###
|
|
|
|
typeattribute untrusted_app_29 coredomain;
|
|
|
|
app_domain(untrusted_app_29)
|
|
untrusted_app_domain(untrusted_app_29)
|
|
net_domain(untrusted_app_29)
|
|
bluetooth_domain(untrusted_app_29)
|
|
|
|
# allow sending RTM_GETNEIGH{TBL} messages.
|
|
allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh;
|
|
auditallow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh;
|
|
|
|
# Connect to mdnsd via mdnsd socket.
|
|
unix_socket_connect(untrusted_app_29, mdnsd, mdnsd)
|
|
userdebug_or_eng(`
|
|
auditallow untrusted_app_29 mdnsd_socket:sock_file write;
|
|
auditallow untrusted_app_29 mdnsd:unix_stream_socket connectto;
|
|
')
|
|
|
|
# Allow calling inotify on APKs for backwards compatibility. This is disallowed
|
|
# for targetSdkVersion>=34 to remove a sidechannel.
|
|
allow untrusted_app_29 apk_data_file:dir { watch watch_reads };
|
|
allow untrusted_app_29 apk_data_file:file { watch watch_reads };
|
|
userdebug_or_eng(`
|
|
auditallow untrusted_app_29 apk_data_file:dir { watch watch_reads };
|
|
auditallow untrusted_app_29 apk_data_file:file { watch watch_reads };
|
|
')
|