Improve tests protecting private app data
In particular, add assertions limiting which processes may directly open files owned by apps. Reduce this to just apps, init, and installd. App data is protected by a combination of selinux permissions and Unix permissions, so limiting the open permission to just apps (which are not allowed to have CAP_DAC_OVERRIDE or CAP_DAC_READ_SEARCH) ensures that only installd and init have complete access an app's private directory. In addition to apps/init/installd, other processes currently granted open are mediaserver, uncrypt, and vold. Uncrypt's access appears to be deprecated (b/80299612). Uncrypt now uses /data/ota_package instead. b/80418809 and b/80300620 track removal for vold and mediaserver. Test: build/boot aosp_taimen-userdebug. Verify no "granted" audit messages in the logs. Bug: 80190017 Bug: 80300620 Bug: 80418809 Fixes: 80299612 Change-Id: I153bc7b62294b36ccd596254a5976dd887fed046
Showing
- private/domain.te 55 additions, 0 deletionsprivate/domain.te
- public/domain.te 0 additions, 14 deletionspublic/domain.te
- public/init.te 2 additions, 0 deletionspublic/init.te
- public/mediaserver.te 3 additions, 0 deletionspublic/mediaserver.te
- public/uncrypt.te 0 additions, 3 deletionspublic/uncrypt.te
- public/vold.te 3 additions, 0 deletionspublic/vold.te
Loading
Please register or sign in to comment