rename rs_data_file to app_exec_data_file

There are multiple trusted system components which may be responsible for creating executable code within an application's home directory. Renderscript is just one of those trusted components. Generalize rs_data_file to app_exec_data_file. This label is intended to be used for any executable code created by trusted components placed into an application's home directory. Introduce a typealias statement to ensure files with the previous label continue to be understood by policy. This change is effectively a no-op, as it just renames a type, but neither adds or removes any rules. Bug: 121375718 Bug: 112357170 Test: cts-tradefed run cts-dev -m CtsRenderscriptTestCases Change-Id: I17dca5e3e8a1237eb236761862174744fb2196c0

rename rs_data_file to app_exec_data_file
There are multiple trusted system components which may be responsible for creating executable code within an application's home directory. Renderscript is just one of those trusted components. Generalize rs_data_file to app_exec_data_file. This label is intended to be used for any executable code created by trusted components placed into an application's home directory. Introduce a typealias statement to ensure files with the previous label continue to be understood by policy. This change is effectively a no-op, as it just renames a type, but neither adds or removes any rules. Bug: 121375718 Bug: 112357170 Test: cts-tradefed run cts-dev -m CtsRenderscriptTestCases Change-Id: I17dca5e3e8a1237eb236761862174744fb2196c0
fb66c6f8 · Nick Kralevich · b7246ac0 · fb66c6f8 · fb66c6f8 · fb66c6f8
Commit fb66c6f8 authored 6 years ago by Nick Kralevich
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -41,10 +41,10 @@ neverallow { all_untrusted_apps -mediaprovider } property_type:property_service
 # but otherwise disallow untrusted apps from reading this property.
 neverallow { all_untrusted_apps -untrusted_app_25 } net_dns_prop:file read;
-# Renderscript created files within an app home directory can be
+# Shared libraries created by trusted components within an app home
-# dlopen()ed. To maintain the W^X property, these files
+# directory can be dlopen()ed. To maintain the W^X property, these files
 # must never be writable to the app.
-neverallow all_untrusted_apps rs_data_file:file
+neverallow all_untrusted_apps app_exec_data_file:file
  { append create link relabelfrom relabelto rename setattr write };
 # Block calling execve() on files in an apps home directory.
@@ -127,7 +127,7 @@ neverallow { all_untrusted_apps -mediaprovider } {
  file_type
  -app_data_file            # The apps sandbox itself
  -privapp_data_file
-  -rs_data_file             # stored within the app sandbox directory
+  -app_exec_data_file       # stored within the app sandbox directory
  -media_rw_data_file       # Internal storage. Known that apps can
                            # leave artfacts here after uninstall.
  -user_profile_data_file   # Access to profile files

--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -27,9 +27,9 @@ allow ephemeral_app app_data_file:file     { r_file_perms execute };
 # Allow the renderscript compiler to be run.
 domain_auto_trans(ephemeral_app, rs_exec, rs)
-# Allow loading and deleting renderscript created shared libraries
+# Allow loading and deleting shared libraries created by trusted system
-# within an application home directory.
+# components within an application home directory.
-allow ephemeral_app rs_data_file:file { r_file_perms execute unlink };
+allow ephemeral_app app_exec_data_file:file { r_file_perms execute unlink };
 # services
 allow ephemeral_app audioserver_service:service_manager find;

--- a/private/file.te
+++ b/private/file.te
@@ -13,5 +13,6 @@ type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type;
 # /sys/kernel/debug/kcov for coverage guided kernel fuzzing in userdebug builds.
 type debugfs_kcov, fs_type, debugfs_type;
-# renderscript created files in /data/data directories
+# App executable files in /data/data directories
-type rs_data_file, file_type, data_file_type, core_data_file_type;
+type app_exec_data_file, file_type, data_file_type, core_data_file_type;
+typealias app_exec_data_file alias rs_data_file;
--- a/private/installd.te
+++ b/private/installd.te
@@ -22,4 +22,4 @@ allow installd dumpstate:fd use;
 allow installd dumpstate:fifo_file r_file_perms;
 # Delete /system/bin/bcc generated artifacts
-allow installd rs_data_file:file unlink;
+allow installd app_exec_data_file:file unlink;
--- a/private/rs.te
+++ b/private/rs.te
 # Any files which would have been created as app_data_file
-# will be created as rs_data_file instead.
+# will be created as app_exec_data_file instead.
 allow rs app_data_file:dir ra_dir_perms;
-allow rs rs_data_file:file create_file_perms;
+allow rs app_exec_data_file:file create_file_perms;
-type_transition rs app_data_file:file rs_data_file;
+type_transition rs app_data_file:file app_exec_data_file;
 # Follow /data/user/0 symlink
 allow rs system_data_file:lnk_file read;
@@ -11,7 +11,7 @@ allow rs system_data_file:lnk_file read;
 allow rs app_data_file:file r_file_perms;
 allow rs app_data_file:dir r_dir_perms;
-# Cleanup rs_data_file files in the app home directory.
+# Cleanup app_exec_data_file files in the app home directory.
 allow rs app_data_file:dir remove_name;
 # Use vendor resources

--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -25,9 +25,10 @@
 allow untrusted_app_all privapp_data_file:file { r_file_perms execute };
 allow untrusted_app_all app_data_file:file     { r_file_perms execute };
-# Allow loading and deleting renderscript created shared libraries
+# Allow loading and deleting executable shared libraries
-# within an application home directory.
+# within an application home directory. Such shared libraries would be
-allow untrusted_app_all rs_data_file:file { r_file_perms execute unlink };
+# created by things like renderscript or via other mechanisms.
+allow untrusted_app_all app_exec_data_file:file { r_file_perms execute unlink };
 # ASEC
 allow untrusted_app_all asec_apk_file:file r_file_perms;