Neverallow isolated and untrusted apps to write system properties am: 0d8e9adf49
am: fc3b0dd350
* commit 'fc3b0dd350598fb8a9219b296f15ec241fbcdbb2':
Neverallow isolated and untrusted apps to write system properties
diff --git a/app.te b/app.te
index 3400836..b31fce0 100644
--- a/app.te
+++ b/app.te
@@ -281,8 +281,6 @@
# Unix domain sockets.
neverallow appdomain adbd_socket:sock_file write;
neverallow appdomain installd_socket:sock_file write;
-neverallow { appdomain -bluetooth -radio -shell -system_app -nfc }
- property_socket:sock_file write;
neverallow { appdomain -radio } rild_socket:sock_file write;
neverallow appdomain vold_socket:sock_file write;
neverallow appdomain zygote_socket:sock_file write;
@@ -388,10 +386,6 @@
# i.e. no mount(2), unmount(2), etc.
neverallow appdomain fs_type:filesystem ~getattr;
-# Ability to set system properties.
-neverallow { appdomain -system_app -radio -shell -bluetooth -nfc }
- property_type:property_service set;
-
# prevent creation/manipulation of globally readable symlinks
neverallow appdomain {
apk_data_file
diff --git a/isolated_app.te b/isolated_app.te
index ff9b525..4d37b51 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -29,6 +29,10 @@
##### Neverallow
#####
+# Do not allow isolated_app to set system properties.
+neverallow isolated_app property_socket:sock_file write;
+neverallow isolated_app property_type:property_service set;
+
# Isolated apps should not directly open app data files themselves.
neverallow isolated_app app_data_file:file open;
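Review bot: The two neverallow rules added here, and the matching pair added in untrusted_app.te, assert only isolated_app and untrusted_app, whereas the app.te rules removed by this commit covered every appdomain type except bluetooth, radio, shell, system_app and nfc. Any other app domain in the policy therefore loses its build-time assertion against `property_socket:sock_file write` and `property_type:property_service set`. That grants nothing by itself, but a later allow rule for such a domain would no longer fail the policy build. If the narrowing is intentional, the comment should say so, for example `# Only isolated_app and untrusted_app are asserted here; other app domains rely on the absence of allow rules.` If it is not, keeping the appdomain-wide rule in app.te with a longer exception list would preserve the guarantee for the remaining domains.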
diff --git a/untrusted_app.te b/untrusted_app.te
index 0aca8b0..b5a00d6 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -147,3 +147,7 @@
# Do not allow untrusted_app access to /cache
neverallow untrusted_app { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
neverallow untrusted_app { cache_file cache_recovery_file }:file ~{ read getattr };
+
+# Do not allow untrusted_app to set system properties.
+neverallow untrusted_app property_socket:sock_file write;
+neverallow untrusted_app property_type:property_service set;