Merge "Coalesce shared_app, media_app, release_app into untrusted_app."

2b749272 · Nick Kralevich · Gerrit Code Review · 6252b631 · 9ba844fe · 2b749272
Commit 2b749272 authored 11 years ago by Nick Kralevich Committed by Gerrit Code Review 11 years ago
--- a/app.te
+++ b/app.te
@@ -95,6 +95,7 @@ allow appdomain appdomain:unix_stream_socket { getopt getattr read write shutdow
 # to any app that has backup ability. Hence, no open permissions here.
 allow appdomain backup_data_file:file { read write getattr };
 allow appdomain cache_backup_file:file { read write getattr };
+allow appdomain cache_backup_file:dir getattr;
 # Backup ability using 'adb backup'
 allow appdomain system_data_file:lnk_file getattr;


--- a/attributes
+++ b/attributes
@@ -65,8 +65,5 @@ attribute bluetoothdomain;
 # All domains used for binder service domains.
 attribute binderservicedomain;

-# Allow domains used for platform (signed by build key) apps.
-attribute platformappdomain;
-
 # All domains which are allowed the "relabelto" permission
 attribute relabeltodomain;
--- a/mac_permissions.xml
+++ b/mac_permissions.xml
@@ -26,21 +26,6 @@
      <seinfo value="platform" />
    </signer>

-    <!-- Media dev key in AOSP -->
-    <signer signature="@MEDIA" >
-      <seinfo value="media" />
-    </signer>
-
-    <!-- shared dev key in AOSP -->
-    <signer signature="@SHARED" >
-      <seinfo value="shared" />
-    </signer>
-
-    <!-- release dev key in AOSP -->
-    <signer signature="@RELEASE" >
-      <seinfo value="release" />
-    </signer>
-
    <!-- All other keys -->
    <default>
      <seinfo value="default" />

--- a/media_app.te
+++ b/media_app.te
-###
-### Apps signed with the media key.
-###
-
-type media_app, domain;
-app_domain(media_app)
-platform_app_domain(media_app)
-binder_service(media_app)
-# Access the network.
-net_domain(media_app)
-# Access /dev/mtp_usb.
-allow media_app mtp_device:chr_file rw_file_perms;
-# Stat /cache/backup
-allow media_app cache_backup_file:file getattr;
-allow media_app cache_backup_file:dir getattr;
-
-# inherits from platformappdomain.te
--- a/platform_app.te
+++ b/platform_app.te
@@ -5,7 +5,6 @@
 type platform_app, domain;
 permissive_or_unconfined(platform_app)
 app_domain(platform_app)
-platform_app_domain(platform_app)
 # Access the network.
 net_domain(platform_app)
 # Access bluetooth.
@@ -22,4 +21,10 @@ allow platform_app apk_private_data_file:dir search;
 allow platform_app asec_apk_file:dir create_dir_perms;
 allow platform_app asec_apk_file:file create_file_perms;

-# inherits from platformappdomain.te
+# Access to /data/media.
+allow platform_app media_rw_data_file:dir create_dir_perms;
+allow platform_app media_rw_data_file:file create_file_perms;
+
+# Write to /cache.
+allow platform_app cache_file:dir create_dir_perms;
+allow platform_app cache_file:file create_file_perms;
--- a/platformappdomain.te
+++ b/platformappdomain.te
-#
-# Rules for all platform app domains.
-# These rules are inherited by any domain that includes platform_app_domain().
-# Presently this consists of the four app domains corresponding to apps
-# signed by one of the four build keys: platform_app, shared_app, media_app,
-# release_app.  These app domains have greater permissions to specific
-# directories owned by groups that are restricted to apps with
-# Android permissions that are signature|system.
-
-# Access to /data/media.
-allow platformappdomain media_rw_data_file:dir create_dir_perms;
-allow platformappdomain media_rw_data_file:file create_file_perms;
-
-# Write to /cache.
-allow platformappdomain cache_file:dir create_dir_perms;
-allow platformappdomain cache_file:file create_file_perms;
--- a/release_app.te
+++ b/release_app.te
-###
-### Apps signed with the release key (testkey in AOSP).
-###
-
-type release_app, domain;
-permissive_or_unconfined(release_app)
-app_domain(release_app)
-platform_app_domain(release_app)
-# Access the network.
-net_domain(release_app)
-# Access bluetooth.
-bluetooth_domain(release_app)
-
-# inherits from platformappdomain.te
--- a/seapp_contexts
+++ b/seapp_contexts
@@ -40,9 +40,6 @@ user=bluetooth domain=bluetooth type=bluetooth_data_file
 user=nfc domain=nfc type=nfc_data_file
 user=radio domain=radio type=radio_data_file
 user=shell domain=shell type=shell_data_file
-user=_app domain=untrusted_app type=app_data_file
-user=_app seinfo=platform domain=platform_app type=app_data_file
-user=_app seinfo=shared domain=shared_app type=app_data_file
-user=_app seinfo=media domain=media_app type=app_data_file
-user=_app seinfo=release domain=release_app type=app_data_file
 user=_isolated domain=isolated_app
+user=_app seinfo=platform domain=platform_app type=app_data_file
+user=_app domain=untrusted_app type=app_data_file
--- a/shared_app.te
+++ b/shared_app.te
-###
-### Apps signed with the shared key.
-###
-
-type shared_app, domain;
-permissive_or_unconfined(shared_app)
-app_domain(shared_app)
-platform_app_domain(shared_app)
-# Access the network.
-net_domain(shared_app)
-# Access bluetooth.
-bluetooth_domain(shared_app)
-
-# inherits from platformappdomain.te
--- a/te_macros
+++ b/te_macros
@@ -118,14 +118,6 @@ define(`relabelto_domain', `
 typeattribute $1 relabeltodomain;
 ')

-#####################################
-# platform_app_domain(domain)
-# Allow permissions specific to platform apps.
-define(`platform_app_domain', `
-typeattribute $1 platformappdomain;
-typeattribute $1 mlstrustedsubject;
-')
-
 #####################################
 # net_domain(domain)
 # Allow a base set of permissions required for network access.

--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -10,7 +10,7 @@
 ### and AID_ISOLATED_START (99000) if the app has no specific seinfo
 ### value as determined from mac_permissions.xml.  In current AOSP, this
 ### domain is assigned to all non-system apps as well as to any system apps
-### that are not signed by one of the four platform keys.  To move
+### that are not signed by the platform key.  To move
 ### a system app into a specific domain, add a signer entry for it to
 ### mac_permissions.xml and assign it one of the pre-existing seinfo values
 ### or define and use a new seinfo value in both mac_permissions.xml and
@@ -48,3 +48,19 @@ create_pty(untrusted_app)
 # Figure out a way to remove these rules.
 allow untrusted_app shell_data_file:file r_file_perms;
 allow untrusted_app shell_data_file:dir r_dir_perms;
+
+#
+# Rules migrated from old app domains coalesced into untrusted_app.
+# This includes what used to be media_app, shared_app, and release_app.
+#
+
+# Access /dev/mtp_usb.
+allow untrusted_app mtp_device:chr_file rw_file_perms;
+
+# Access to /data/media.
+allow untrusted_app media_rw_data_file:dir create_dir_perms;
+allow untrusted_app media_rw_data_file:file create_file_perms;
+
+# Write to /cache.
+allow untrusted_app cache_file:dir create_dir_perms;
+allow untrusted_app cache_file:file create_file_perms;