sepolicy for ashmemd all_untrusted_apps apart from untrusted_app_{25, 27} and mediaprovider are now expected to go to ashmemd for /dev/ashmem fds. Give coredomain access to ashmemd, because ashmemd is the default way for coredomain to get a /dev/ashmem fd. Bug: 113362644 Test: device boots, ashmemd running Test: Chrome app works Test: "lsof /system/lib64/libashmemd_client.so" shows libashmemd_client.so being loaded into apps. Change-Id: I279448c3104c5d08a1fefe31730488924ce1b37a

commit: 73d0a67b06ef7b08d653383e8024789521270545 [log] [tgz]
author: Tri Vo <trong@google.com> Sun Jan 27 13:39:19 2019 -0800
committer: Tri Vo <trong@google.com> Tue Feb 05 21:38:14 2019 +0000
tree: 0cb3e6b5d4df95a70082d1a5a1fb517383747ad3
parent: 87988fa6a6c925db44ac5963fb5220f34401342e [diff] [blame]
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 4ecb355..e46c4ef 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te

@@ -334,3 +334,13 @@
 
 # Untrusted apps are not allowed to use cgroups.
 neverallow all_untrusted_apps cgroup:file *;
+
+# TODO(b/113362644): remove open permission from these domains.
+# Untrusted apps targetting >= Q are not allowed to open /dev/ashmem directly.
+#neverallow {
+#  all_untrusted_apps
+# TODO(b/113362644): route mediaprovider to ashmemd
+#  -mediaprovider
+#  -untrusted_app_25
+#  -untrusted_app_27
+#} ashmem_device:chr_file open;
commit	73d0a67b06ef7b08d653383e8024789521270545	[log] [tgz]
author	Tri Vo <trong@google.com>	Sun Jan 27 13:39:19 2019 -0800
committer	Tri Vo <trong@google.com>	Tue Feb 05 21:38:14 2019 +0000
tree	0cb3e6b5d4df95a70082d1a5a1fb517383747ad3
parent	87988fa6a6c925db44ac5963fb5220f34401342e [diff] [blame]