private · 43303c8b89ac7792bfc90be4fa4aa338ea9d3be4 · CodeLinaro / public-release-test / platform / system / sepolicy

Jeff Vander Stoep authored 7 years ago

/proc/net/xt_qtaguid is used by apps to track their network data
use. Limit access to just zygote spawned processes - apps and
system_server, omitting access to isolated_app which is not allowed
to create network sockets.
As Android moves to eBPF for app's network data stats, access to
/proc/net/xt_qtaguid will be removed entirely. Segmenting access off
is the first step.
Bug: 68774956

This change also helps further segment and whitelist access to
files in /proc/net and is a step in the lockdown of /proc/net.
Bug: 9496886

Test: boot Taimen. Walk through setup-wizard. Make phone call and
    video call. Browse web. Watch youtube. Navigate in maps.
Test: cts-tradefed run cts -m CtsAppSecurityHostTestCases -t \
    android.appsecurity.cts.AppSecurityTests
Test: cts-tradefed run cts -m CtsNativeNetTestCases
Test: cts-tradefed run cts -m CtsIncidentHostTestCases -t \
    com.android.server.cts.NetstatsIncidentTest
Test: cts-tradefed run cts -m CtsOsTestCases -t \
    android.os.cts.StrictModeTest
Test: cts-tradefed run cts -m CtsNetTestCases -t \
    android.net.cts.TrafficStatsTest
Test: cts-tradefed run cts -m CtsUsageStatsTestCases -t \
    android.app.usage.cts.NetworkUsageStatsTest
Test: vts-tradefed run vts -m VtsQtaguidTest
Change-Id: Idddd318c56b84564142d37b11dcc225a2f2800ea

43303c8b

Name	Last commit	Last update
..
compat
access_vectors
adbd.te
app.te
app_neverallows.te
asan_extract.te
atrace.te
audioserver.te
binder_in_vendor_violators.te
binderservicedomain.te
blkid.te
blkid_untrusted.te
bluetooth.te
bluetoothdomain.te
bootanim.te
bootstat.te
bufferhubd.te
bug_map
cameraserver.te
charger.te
clatd.te
coredomain.te
cppreopts.te
crash_dump.te
dex2oat.te
dexoptanalyzer.te
dhcp.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
ephemeral_app.te
file.te
file_contexts
file_contexts_asan
fingerprintd.te
fs_use
fsck.te
fsck_untrusted.te
gatekeeperd.te
genfs_contexts
hal_allocator_default.te
halclientdomain.te
halserverdomain.te
healthd.te
hwservice_contexts
hwservicemanager.te
idmap.te
incident.te
incidentd.te
init.te
initial_sid_contexts
initial_sids
inputflinger.te
install_recovery.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
lmkd.te
logd.te
logpersist.te
mac_permissions.xml
mdnsd.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaprovider.te
mediaserver.te
mls
mls_decl
mls_macros
modprobe.te
mtp.te
net.te
netd.te
netutils_wrapper.te
nfc.te
otapreopt_chroot.te
otapreopt_slot.te
performanced.te
perfprofd.te
platform_app.te
policy_capabilities
port_contexts
postinstall.te
postinstall_dexopt.te
ppp.te
preopt2cachename.te
priv_app.te
profman.te
property_contexts
racoon.te
radio.te
recovery.te
recovery_persist.te
recovery_refresh.te
roles_decl
runas.te