Revert "Revert "Enforce execve() restrictions for API > 28""

This reverts commit 15d1a12f7f57f589c2f1401f8e72813546fd8dda.

Bug: 118737210
Bug: 112357170
Test: boot marlin
Change-Id: Idcfab04b48f843eead4efa9f58a1337c6685c6ca
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 46b49c2..b8889f7 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -40,6 +40,16 @@
 # but otherwise disallow untrusted apps from reading this property.
 neverallow { all_untrusted_apps -untrusted_app_25 } net_dns_prop:file read;
 
+# Block calling execve() on files in an apps home directory.
+# This is a W^X violation (loading executable code from a writable
+# home directory). For compatibility, allow for targetApi <= 28.
+# b/112357170
+neverallow {
+  all_untrusted_apps
+  -untrusted_app_25
+  -untrusted_app_27
+} { app_data_file privapp_data_file }:file execute_no_trans;
+
 # Do not allow untrusted apps to be assigned mlstrustedsubject.
 # This would undermine the per-user isolation model being
 # enforced via levelFrom=user in seapp_contexts and the mls
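Review bot: The comment above the new neverallow says "allow for targetApi <= 28", but the exemptions it lists are `untrusted_app_25` and `untrusted_app_27`, so a reader must already know which target SDK ranges those two domains cover to see that the comment and the rule agree; spell the mapping out in the comment, e.g. `# untrusted_app_25 / untrusted_app_27 hold the targetSdk <= 28 domains, so every newer target lands in a domain without the exemption` (the ranges are inferred from the domain names here, confirm against the two domain definitions). The W^X wording also reads broader than what the rule denies: only `execute_no_trans` (execve without a domain transition) is covered, while `file execute` (mmap with PROT_EXEC / dlopen) on the same types is left as it was, which matches the commit title but not the comment, so consider adding `# Only execve() is blocked here; mapping these files executable is governed by the separate execute permission.` Since this is a re-land of a reverted change, one line in the description saying whether it is a verbatim re-land or carries a fix over the reverted version would help anyone bisecting the two bugs later.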