From 890414725f35fae61a3f16532724c8f6365599f9 Mon Sep 17 00:00:00 2001
From: Alan Stokes <alanstokes@google.com>
Date: Fri, 14 Dec 2018 14:34:29 +0000
Subject: [PATCH] Audit execution of app_data_file native code.

On debug builds, introduce audit logging of apps targeting SDK <= 28 that execute native code from a non-priv app home directory via execve() or dl_open().

Bug: 111338677
Test: Builds + boots.
Test: Launch app that uses private .so files, see granted logs.
Change-Id: I5880801d3a29cbf2c1cf4e0d72adc69a9d548952
---
 private/untrusted_app_25.te | 1 +
 private/untrusted_app_27.te | 1 +
 2 files changed, 2 insertions(+)

diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index 8825e2e78..0db825ae9 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -49,6 +49,7 @@ allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file exe
 # directories for targetApi<=25. This is also allowed for targetAPIs 26,
 # 27, and 28 in untrusted_app_27.te.
 allow untrusted_app_25 app_data_file:file { execute execute_no_trans };
+userdebug_or_eng(`auditallow untrusted_app_25 app_data_file:file { execute execute_no_trans };')
 
 # The ability to invoke dex2oat. Historically required by ART, now only
 # allowed for targetApi<=28 for compat reasons.
diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index fab6acc36..f3b9df821 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -30,6 +30,7 @@ bluetooth_domain(untrusted_app_27)
 # The ability to call exec() or dlopen() on files in the apps home
 # directories for targetApi 26, 27, and 28.
 allow untrusted_app_27 app_data_file:file { execute execute_no_trans };
+userdebug_or_eng(`auditallow untrusted_app_27 app_data_file:file { execute execute_no_trans };')
 
 # The ability to invoke dex2oat. Historically required by ART, now only
 # allowed for targetApi<=28 for compat reasons.
-- 
GitLab
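Review bot: The added `auditallow` line in private/untrusted_app_25.te, and the identical one in private/untrusted_app_27.te, has no comment explaining why granted execute/execute_no_trans accesses on app_data_file are now audited, even though every neighbouring rule in these files carries a rationale; suggest preceding it with `# Audit (debug builds only) legacy apps that still exec or dlopen native code from their home directory, to measure use of this compat allowance. Bug: 111338677`. Since `auditallow` records every granted access rather than only the first, an app that repeatedly dlopen()s private libraries could produce a large volume of audit records on userdebug/eng devices; whether that volume is tolerable depends on audit rate limiting that this patch does not show, so it is worth confirming before relying on these logs. Wrapping the rule in `userdebug_or_eng` keeps it out of user builds, so the data gathered reflects only debug devices, which the commit message already acknowledges.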