authorJohan Redestig <johan.redestig@sonymobile.com>2016-01-08 19:35:19 +0100
committerSharif Inamdar <isharif@nvidia.com>2016-05-03 22:10:55 +0530
commit5adf2fdf8e9597fbc739830e3e36fab98f370187 (patch)
treeec47e58145248844691f256e2a2ec6e09933a2a6
parent7d20f40879d1cdcc39dc6e876371020c258d5a86 (diff)
downloadsepolicy-5adf2fdf8e9597fbc739830e3e36fab98f370187.tar.gz
DO NOT MERGE: Neverallow isolated and untrusted apps to write system properties
and as a consequence open up for other appdomains (e.g. platform_app) to write system properties. (cherrypicked from commit 0d8e9adf49a1db942ad3c556d87d25bde94e0df5) Change-Id: Ie6ad4d17247165564456e5b0d78f705a82cdcde7
-rw-r--r--app.te6
-rw-r--r--isolated_app.te4
-rw-r--r--untrusted_app.te4
3 files changed, 8 insertions, 6 deletions
diff --git a/app.te b/app.te
index 40de074..efd2afa 100644
--- a/app.te
+++ b/app.te
@@ -261,8 +261,6 @@ neverallow appdomain socket_device:sock_file write;
# Unix domain sockets.
neverallow appdomain adbd_socket:sock_file write;
neverallow appdomain installd_socket:sock_file write;
-neverallow { appdomain -bluetooth -radio -shell -system_app -nfc }
- property_socket:sock_file write;
neverallow { appdomain -radio } rild_socket:sock_file write;
neverallow appdomain vold_socket:sock_file write;
neverallow appdomain zygote_socket:sock_file write;
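Review bot: With the property_socket neverallow dropped at lines 26–27 and the property_service neverallow dropped in the second app.te hunk (lines 36–38), app.te no longer records where the property-setting restriction went, so a reader of the remaining socket neverallows (adbd, installd, rild, vold, zygote) may assume property_socket was simply forgotten. A one-line pointer would keep the intent visible: `# property_socket / property_service restrictions are now per-domain; see isolated_app.te and untrusted_app.te.` It is also worth stating in that comment that neverallow is a compile-time assertion rather than a deny, so removing it grants nothing by itself — a domain such as platform_app still needs an explicit allow before it can set properties, but the policy build will no longer reject such an allow.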
@@ -363,7 +361,3 @@ neverallow { appdomain -system_app -shell }
# Ability to perform any filesystem operation other than statfs(2).
# i.e. no mount(2), unmount(2), etc.
neverallow appdomain fs_type:filesystem ~getattr;
-
-# Ability to set system properties.
-neverallow { appdomain -system_app -radio -shell -bluetooth -nfc }
- property_type:property_service set;
diff --git a/isolated_app.te b/isolated_app.te
index 330f0af..4cf4aa4 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -25,6 +25,10 @@ allow isolated_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctl
##### Neverallow
#####
+# Do not allow isolated_app to set system properties.
+neverallow isolated_app property_socket:sock_file write;
+neverallow isolated_app property_type:property_service set;
+
# Isolated apps should not directly open app data files themselves.
neverallow isolated_app app_data_file:file open;
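Review bot: The two neverallow lines at 47–48 are repeated verbatim in the untrusted_app.te hunk (lines 62–63), so the same assertion now lives in two files with no cross-reference, and a later tightening of one can silently diverge from the other. If the per-file layout is intended, the comment at line 46 could name the counterpart, `# Do not allow isolated_app to set system properties (mirrored in untrusted_app.te).`; otherwise a single `neverallow { isolated_app untrusted_app } property_socket:sock_file write;` plus the matching property_service line in app.te would keep the pair in one place. The comment says "set system properties" while the rules cover both the property_socket write and the property_service set permission, matching the two-rule split the old app.te block used, so the wording is accurate but could say explicitly that both halves are covered.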
diff --git a/untrusted_app.te b/untrusted_app.te
index 693a13c..b275937 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -154,3 +154,7 @@ neverallow untrusted_app mlstrustedsubject:process fork;
# bugs, so we want to ensure untrusted_app never has this
# capability.
neverallow untrusted_app file_type:file link;
+
+# Do not allow untrusted_app to set system properties.
+neverallow untrusted_app property_socket:sock_file write;
+neverallow untrusted_app property_type:property_service set;