Skip to content
Snippets Groups Projects
Commit 21eed511 authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Block access to xt_qtaguid proc files"

parents da427a33 16dbe82e
Branches
No related tags found
No related merge requests found
......@@ -92,21 +92,6 @@ r_dir_file(priv_app, proc_net_type)
userdebug_or_eng(`
auditallow priv_app proc_net_type:{ dir file lnk_file } { getattr open read };
')
# TODO(b/68774956) qtaguid access has been moved to netd. Access is deprecated. Audit for
# removal.
allow priv_app proc_qtaguid_ctrl:file rw_file_perms;
userdebug_or_eng(`
auditallow priv_app proc_qtaguid_ctrl:file rw_file_perms;
')
r_dir_file(priv_app, proc_qtaguid_stat)
userdebug_or_eng(`
auditallow priv_app proc_qtaguid_stat:dir r_dir_perms;
auditallow priv_app proc_qtaguid_stat:file r_file_perms;
')
allow priv_app qtaguid_device:chr_file r_file_perms;
userdebug_or_eng(`
auditallow priv_app qtaguid_device:chr_file r_file_perms;
')
allow priv_app sysfs_type:dir search;
# Read access to /sys/class/net/wlan*/address
......
......@@ -41,12 +41,6 @@ allow untrusted_app_25 proc_misc:file r_file_perms;
# This will go away in a future Android release
allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
# qtaguid access. This is not a public API. Access will be removed in a
# future version of Android.
allow untrusted_app_25 proc_qtaguid_ctrl:file rw_file_perms;
r_dir_file(untrusted_app_25, proc_qtaguid_stat)
allow untrusted_app_25 qtaguid_device:chr_file r_file_perms;
# Text relocation support for API < 23
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
......@@ -26,9 +26,3 @@ app_domain(untrusted_app_27)
untrusted_app_domain(untrusted_app_27)
net_domain(untrusted_app_27)
bluetooth_domain(untrusted_app_27)
# qtaguid access. This is not a public API. Access will be removed in a
# future version of Android.
allow untrusted_app_27 proc_qtaguid_ctrl:file rw_file_perms;
r_dir_file(untrusted_app_27, proc_qtaguid_stat)
allow untrusted_app_27 qtaguid_device:chr_file r_file_perms;
......@@ -129,7 +129,6 @@ allow shell {
proc_meminfo
proc_modules
proc_pid_max
proc_qtaguid_stat
proc_slabinfo
proc_stat
proc_timer
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment