rs: add tests to ensure rs cannot abuse app data

Test: build Change-Id: I2ea39c767264339e300fceeb23c506883d23a14c

rs: add tests to ensure rs cannot abuse app data
Test: build Change-Id: I2ea39c767264339e300fceeb23c506883d23a14c
561aa01c · Jeff Vander Stoep · 4c3d11c0 · 561aa01c · 561aa01c
Commit 561aa01c authored 6 years ago by Jeff Vander Stoep
--- a/private/rs.te
+++ b/private/rs.te
@@ -28,3 +28,12 @@ allow rs same_process_hal_file:file { r_file_perms execute };
 # File descriptors passed from app to renderscript
 allow rs untrusted_app_all:fd use;
+# rs can access app data, so ensure it can only be entered via an app domain and cannot have
+# CAP_DAC_OVERRIDE.
+neverallow rs rs:capability_class_set *;
+neverallow { domain -appdomain } rs:process { dyntransition transition };
+neverallow rs { domain -crash_dump }:process { dyntransition transition };
+neverallow rs app_data_file:file_class_set ~r_file_perms;
+# rs should never use network sockets
+neverallow rs *:network_socket_class_set *;
--- a/public/global_macros
+++ b/public/global_macros
@@ -14,6 +14,7 @@ define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_
 define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
 define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket sctp_socket }')
 define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket sctp_socket }')
+define(`network_socket_class_set', `{ icmp_socket rawip_socket tcp_socket udp_socket }')
 define(`ipc_class_set', `{ sem msgq shm ipc }')