-rw-r--r-- | app.te | 6 | ||||
-rw-r--r-- | isolated_app.te | 4 | ||||
-rw-r--r-- | untrusted_app.te | 4 |
3 files changed, 8 insertions, 6 deletions
@@ -261,8 +261,6 @@ neverallow appdomain socket_device:sock_file write;
 # Unix domain sockets.
 neverallow appdomain adbd_socket:sock_file write;
 neverallow appdomain installd_socket:sock_file write;
-neverallow { appdomain -bluetooth -radio -shell -system_app -nfc }
- property_socket:sock_file write;
 neverallow { appdomain -radio } rild_socket:sock_file write;
 neverallow appdomain vold_socket:sock_file write;
 neverallow appdomain zygote_socket:sock_file write;
@@ -363,7 +361,3 @@ neverallow { appdomain -system_app -shell }
 # Ability to perform any filesystem operation other than statfs(2).
 # i.e. no mount(2), unmount(2), etc.
 neverallow appdomain fs_type:filesystem ~getattr;
-
-# Ability to set system properties.
-neverallow { appdomain -system_app -radio -shell -bluetooth -nfc }
- property_type:property_service set;
diff --git a/isolated_app.te b/isolated_app.te
index 330f0af..4cf4aa4 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -25,6 +25,10 @@ allow isolated_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctl
 ##### Neverallow #####
+# Do not allow isolated_app to set system properties.
+neverallow isolated_app property_socket:sock_file write;
+neverallow isolated_app property_type:property_service set;
+
 # Isolated apps should not directly open app data files themselves.
 neverallow isolated_app app_data_file:file open;
diff --git a/untrusted_app.te b/untrusted_app.te
index 693a13c..b275937 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -154,3 +154,7 @@ neverallow untrusted_app mlstrustedsubject:process fork;
 # bugs, so we want to ensure untrusted_app never has this
 # capability.
 neverallow untrusted_app file_type:file link;
+
+# Do not allow untrusted_app to set system properties.
+neverallow untrusted_app property_socket:sock_file write;
+neverallow untrusted_app property_type:property_service set;
|
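Review bot: The new comment above the two isolated_app neverallow lines says what the rule does but not why it is kept while the appdomain-wide rule in app.te is dropped in the same commit, which is the fact a future maintainer needs before loosening it. I would expand it to `# Isolated apps run untrusted code and have no reason to reach init's property service; keep this even if other app domains are relaxed.` A neverallow is a build-time assertion rather than a runtime denial, so it is also worth stating that (presumably) no allow rule for property_socket exists in this domain and the rule only guards against one being added later. The motivation for removing the app.te rule is not visible in this diff, so the wording of the "why" should be confirmed against the commit message.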
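Review bot: Re-adding the property rules only for untrusted_app (and isolated_app) after deleting the appdomain-wide rule in app.te flips the guard from deny-by-default to opt-in: the old rule covered every app domain not explicitly excluded, whereas after this change any other app domain, including ones added later, can be granted property_socket write and property_service set without tripping a neverallow. If the intent is only to exempt particular domains, keeping an attribute-based rule in app.te of the form `neverallow { appdomain -bluetooth -radio -shell -system_app -nfc } property_type:property_service set;` extended with whichever additional domains are meant to be exempted preserves that coverage; which domains those are is not visible in this diff. If the opt-in direction is deliberate, the comment on the two added lines should record it, e.g. `# untrusted_app and isolated_app are now the only app domains guarded against property sets; other app domains were dropped from the appdomain-wide rule in app.te.`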