Don't require seinfo for priv-apps
Relax the requirement to have both seinfo and name specified for
privapps. The original reason for requiring both was because, normally,
a package can only be uniquely specified by both name and signature,
otherwise package squatting could occur. However, privapps are
pre-installed, so the concerns about the potential for package squatting
are eliminated. This change will drastically simplify sepolicy
configuration for priv-apps.
Bug: 142672293
Test: Flashed a device with this build and verified
com.google.android.permissioncontroller still runs in the
permissioncontroller_app domain.
Change-Id: I5bb2bf84b9db616c4492bd1402550821c70fdd07
diff --git a/private/keys.conf b/private/keys.conf
index 8c899b6..362e73d 100644
--- a/private/keys.conf
+++ b/private/keys.conf
@@ -17,9 +17,6 @@
[@NETWORK_STACK]
ALL : $MAINLINE_SEPOLICY_DEV_CERTIFICATES/networkstack.x509.pem
-[@PERMISSION_CONTROLLER]
-ALL: $DEFAULT_SYSTEM_DEV_CERTIFICATE/com_google_android_permissioncontroller-container.x509.pem
-
[@SHARED]
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/shared.x509.pem
diff --git a/private/mac_permissions.xml b/private/mac_permissions.xml
index 5095a2a..7fc37c1 100644
--- a/private/mac_permissions.xml
+++ b/private/mac_permissions.xml
@@ -59,10 +59,4 @@
<signer signature="@NETWORK_STACK" >
<seinfo value="network_stack" />
</signer>
-
- <signer signature="@PERMISSION_CONTROLLER" >
- <package name="com.google.android.permissioncontroller">
- <seinfo value="permission_controller" />
- </package>
- </signer>
</policy>
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 3651389..14b63e9 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -113,9 +113,10 @@
neverallow user=((?!system).)* domain=system_app
neverallow user=((?!system).)* type=system_app_data_file
-# anything with a non-known uid with a specified name should have a specified seinfo
-neverallow user=_app name=.* seinfo=""
-neverallow user=_app name=.* seinfo=default
+# any non priv-app with a non-known uid with a specified name should have a specified
+# seinfo
+neverallow user=_app isPrivApp=false name=.* seinfo=""
+neverallow user=_app isPrivApp=false name=.* seinfo=default
# neverallow shared relro to any other domain
# and neverallow any other uid into shared_relro
@@ -156,7 +157,7 @@
user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
-user=_app seinfo=permission_controller isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
user=_app minTargetSdkVersion=29 domain=untrusted_app type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user