Validate no-cross-domain /proc/PID access am: 7a463809 am: 881fe06f am: 25d4a090

am: 457c08cc Change-Id: I96e26eb2f86bc3df8e482c677cdbb6e655652c16

Validate no-cross-domain /proc/PID access am: 7a463809 am: 881fe06f am: 25d4a090
am: 457c08cc Change-Id: I96e26eb2f86bc3df8e482c677cdbb6e655652c16
8d19f93b · Nick Kralevich · android-build-merger · 55ed4cd4 · 457c08cc · 8d19f93b
Commit 8d19f93b authored 7 years ago by Nick Kralevich Committed by android-build-merger 7 years ago
--- a/private/app.te
+++ b/private/app.te
@@ -402,8 +402,10 @@ neverallow appdomain zygote_socket:sock_file write;
 # ptrace access to non-app domains.
 neverallow appdomain { domain -appdomain }:process ptrace;
-# Write access to /proc/pid entries for any non-app domain.
+# Read or write access to /proc/pid entries for any non-app domain.
-neverallow appdomain { domain -appdomain }:file write;
+# A different form of hidepid=2 like protections
+neverallow appdomain { domain -appdomain }:file no_w_file_perms;
+neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms;
 # signal access to non-app domains.
 # sigchld allowed for parent death notification.

--- a/public/te_macros
+++ b/public/te_macros
@@ -176,6 +176,8 @@ typeattribute $1 appdomain;
 tmpfs_domain($1)
 # Map with PROT_EXEC.
 allow $1 $1_tmpfs:file execute;
+neverallow { $1 -shell } { domain -$1 }:file no_rw_file_perms;
+neverallow { appdomain -shell -$1 } $1:file no_rw_file_perms;
 ')
 #####################################