    Start the process of locking down proc/net · 7a4af30b
    Jeff Vander Stoep authored
    Files in /proc/net leak information. This change is the first step in
    determining which files apps may use, whitelisting benign access, and
    otherwise removing access while providing safe alternative APIs.
    
    To that end, this change:
    * Introduces the proc_net_type attribute which will be assigned to any
    new SELinux types in /proc/net to avoid removing access to privileged
    processes. These processes may be evaluated later, but are lower
    priority than apps.
    * Labels /proc/net/{tcp,tcp6,udp,udp6} as proc_net_vpn due to existing
    use by VPN apps. This may be replaced by an alternative API.
    * Audits all other proc/net access for apps.
    * Audits proc/net access for other processes which are currently
    granted broad read access to /proc/net but should not be, including
    storaged, zygote, clatd, logd, preopt2cachename and vold.
    
    Bug: 9496886
    Bug: 68016944
    Test: Boot Taimen-userdebug. On both wifi and cellular: stream youtube
        navigate maps, send text message, make voice call, make video call.
        Verify no avc "granted" messages in the logs.
    Test: A few VPN apps including "VPN Monster", "Turbo VPN", and
    "Freighter". Verify no logspam with the current setup.
    Test: atest CtsNativeNetTestCases
    Test: atest netd_integration_test
    Test: atest QtaguidPermissionTest
    Test: atest FileSystemPermissionTest
    
    Change-Id: I7e49f796a25cf68bc698c6c9206e24af3ae11457
    Merged-In: I7e49f796a25cf68bc698c6c9206e24af3ae11457
    (cherry picked from commit 08731895)
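The audit rules described above report as SELinux "granted" records in the logs, and the test steps check that none appear. The following is an added example, not part of this commit or of Android's own tooling, that parses logcat-style avc records and summarises which domains were granted which permissions on /proc/net files; the log lines, domain names and paths are constructed samples, and the proc_net and proc_net_vpn type names are taken from the commit message.

```python
import re
from collections import defaultdict

# Constructed sample logcat lines. "granted" records are what an SELinux
# auditallow rule emits; "denied" records come from ordinary enforcement.
SAMPLE_LOG = """\
01-02 10:00:01.000  1234  1234 I auditd  : type=1400 audit(0.0:1): avc: granted { read } for comm="com.example.app" path="/proc/net/arp" dev="proc" ino=4026 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc_net:s0 tclass=file
01-02 10:00:01.500  1234  1234 I auditd  : type=1400 audit(0.0:2): avc: granted { read } for comm="com.example.app" path="/proc/net/tcp" dev="proc" ino=4027 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc_net_vpn:s0 tclass=file
01-02 10:00:02.000   800   800 I auditd  : type=1400 audit(0.0:3): avc: granted { open } for comm="logd" path="/proc/net/unix" dev="proc" ino=4028 scontext=u:r:logd:s0 tcontext=u:object_r:proc_net:s0 tclass=file
01-02 10:00:03.000  2222  2222 I auditd  : type=1400 audit(0.0:4): avc: denied { write } for comm="com.example.app" path="/data/foo" dev="dm-0" ino=99 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0 tclass=file
"""

AVC_RE = re.compile(r'avc: (?P<decision>granted|denied) \{ (?P<perms>[^}]+)\} for (?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for the avc record on one log line, or None if there is none."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"decision": m.group("decision"), "perms": m.group("perms").split()}
    for key, value in KV_RE.findall(m.group("rest")):
        rec[key] = value.strip('"')
    # u:r:untrusted_app:s0:c512,c768 -> domain "untrusted_app"
    # u:object_r:proc_net_vpn:s0     -> target type "proc_net_vpn"
    rec["domain"] = rec.get("scontext", "::").split(":")[2]
    rec["ttype"] = rec.get("tcontext", "::").split(":")[2]
    return rec


def proc_net_grants(log_text, types=("proc_net", "proc_net_vpn")):
    """Summarise 'granted' records on the given /proc/net types as
    {domain: {path: [permissions]}}; an empty result means the audit rules
    never fired, which is what the commit's test steps look for."""
    summary = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["decision"] == "granted" and rec["ttype"] in types:
            summary[rec["domain"]][rec.get("path", "?")].update(rec["perms"])
    return {d: {p: sorted(ps) for p, ps in paths.items()} for d, paths in summary.items()}


if __name__ == "__main__":
    for domain, paths in proc_net_grants(SAMPLE_LOG).items():
        for path, perms in paths.items():
            print(f"{domain}: {path} {perms}")
```

Feed it the output of `logcat -b all` (or the kernel audit log) from a device running the audited policy to see which domains and files still need an allow rule or an alternative API.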