Start partitioning off privapp_data_file from app_data_file
Currently, both untrusted apps and priv-apps use the SELinux file label "app_data_file" for files in their /data/data directory. This is problematic, as we really want different rules for such files. For example, we may want to allow untrusted apps to load executable code from priv-app directories, but disallow untrusted apps from loading executable code from their own home directories.

This change adds a new file type "privapp_data_file". For compatibility, we adjust the policy to support access to privapp_data_files almost everywhere we were previously granting access to app_data_files (adbd and run-as being exceptions). Additional future tightening is possible here by removing some of these newly added rules.

This label will start getting used in a followup change to system/sepolicy/private/seapp_contexts, similar to:

-user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
+user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user

For now, this newly introduced label has no usage, so this change is essentially a no-op.

Test: Factory reset and boot - no problems on fresh install.
Test: Upgrade to new version and test. No compatibility problems on filesystem upgrade.

Change-Id: I9618b7d91d1c2bcb5837cdabc949f0cf741a2837
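To show what the planned seapp_contexts change does, here is a small model of the lookup that assigns a data-directory type to an app. This is an added example, not code from the commit or from AOSP's libselinux: it handles only the selector keys used below, treats `user=_app` as a literal selector rather than the real "any app UID" class, and assumes the usual "most specific matching entry wins" rule without tie-breaking. The two policy fragments are constructed from the before/after lines in the commit message.

```python
"""Simplified model of seapp_contexts type selection (added example, not
from the commit). Assumption: an entry matches when every selector it
names equals the app's attribute, and the entry with the most selectors
wins; libselinux's real matcher supports more keys and stricter ordering."""

# Constructed fragments: the 'before' and 'after' priv_app lines quoted in
# the commit message, plus a plain untrusted_app entry for contrast.
SEAPP_CONTEXTS_BEFORE = """\
user=_app domain=untrusted_app type=app_data_file levelFrom=user
user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
"""

SEAPP_CONTEXTS_AFTER = """\
user=_app domain=untrusted_app type=app_data_file levelFrom=user
user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
"""

# Subset of selector (input) and output keys handled by this model.
INPUT_KEYS = ("user", "isPrivApp", "isEphemeralApp", "seinfo")
OUTPUT_KEYS = ("domain", "type", "levelFrom")


def parse_seapp_contexts(text):
    """Parse 'key=value ...' lines into (selectors, outputs) pairs.
    Comments ('#') and blank lines are skipped; unknown keys are an error
    so a typo in a selector cannot silently widen a match."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        kv = dict(tok.split("=", 1) for tok in line.split())
        unknown = set(kv) - set(INPUT_KEYS) - set(OUTPUT_KEYS)
        if unknown:
            raise ValueError(f"unsupported key(s) {sorted(unknown)} in: {line}")
        selectors = {k: v for k, v in kv.items() if k in INPUT_KEYS}
        outputs = {k: v for k, v in kv.items() if k in OUTPUT_KEYS}
        entries.append((selectors, outputs))
    return entries


def lookup(entries, *, user, is_priv_app=False, is_ephemeral=False, seinfo="default"):
    """Return (domain, type) for an app with the given attributes, or None.
    A selector absent from an entry matches anything; the matching entry
    with the most selectors is the most specific and wins."""
    app = {
        "user": user,
        "isPrivApp": "true" if is_priv_app else "false",
        "isEphemeralApp": "true" if is_ephemeral else "false",
        "seinfo": seinfo,
    }
    best = None
    for selectors, outputs in entries:
        if all(app.get(k) == v for k, v in selectors.items()):
            if best is None or len(selectors) > len(best[0]):
                best = (selectors, outputs)
    if best is None:
        return None
    return best[1]["domain"], best[1]["type"]


def data_file_type(text, is_priv_app):
    """Type label an app's /data/data directory gets under the given policy."""
    result = lookup(parse_seapp_contexts(text), user="_app", is_priv_app=is_priv_app)
    return None if result is None else result[1]


if __name__ == "__main__":
    for name, policy in (("before", SEAPP_CONTEXTS_BEFORE), ("after", SEAPP_CONTEXTS_AFTER)):
        print(name, "priv-app:", data_file_type(policy, True),
              "untrusted app:", data_file_type(policy, False))
```

Under the "before" fragment both kinds of app land on `app_data_file`, so no policy rule can tell their files apart; under the "after" fragment a priv-app's directory is `privapp_data_file` while an untrusted app's stays `app_data_file`, which is the distinction the commit sets up.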
Showing 20 changed files:
- private/app_neverallows.te: 1 addition, 0 deletions
- private/compat/26.0/26.0.cil: 1 addition, 1 deletion
- private/compat/27.0/27.0.cil: 1 addition, 1 deletion
- private/compat/28.0/28.0.cil: 1 addition, 1 deletion
- private/dexoptanalyzer.te: 3 additions, 3 deletions
- private/domain.te: 6 additions, 6 deletions
- private/ephemeral_app.te: 2 additions, 2 deletions
- private/isolated_app.te: 2 additions, 2 deletions
- private/mls: 6 additions, 6 deletions
- private/priv_app.te: 1 addition, 1 deletion
- private/storaged.te: 1 addition, 1 deletion
- private/surfaceflinger.te: 1 addition, 1 deletion
- private/system_server.te: 26 additions, 3 deletions
- private/untrusted_app_all.te: 1 addition, 1 deletion
- private/webview_zygote.te: 1 addition, 0 deletions
- public/app.te: 2 additions, 2 deletions
- public/dex2oat.te: 2 additions, 2 deletions
- public/domain.te: 2 additions, 1 deletion
- public/drmserver.te: 1 addition, 1 deletion
- public/file.te: 2 additions, 0 deletions