Validate no-cross-domain /proc/PID access
am: 7a46380969
Change-Id: Iba80938afccd21f0c3b69626223b35c672358e77
diff --git a/private/app.te b/private/app.te
index 030f1a5..00ee12a 100644
--- a/private/app.te
+++ b/private/app.te
@@ -402,8 +402,10 @@
# ptrace access to non-app domains.
neverallow appdomain { domain -appdomain }:process ptrace;
-# Write access to /proc/pid entries for any non-app domain.
-neverallow appdomain { domain -appdomain }:file write;
+# Read or write access to /proc/pid entries for any non-app domain.
+# A different form of hidepid=2 like protections
+neverallow appdomain { domain -appdomain }:file no_w_file_perms;
+neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms;
# signal access to non-app domains.
# sigchld allowed for parent death notification.
diff --git a/public/te_macros b/public/te_macros
index e58ee88..6b41400 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -172,6 +172,8 @@
tmpfs_domain($1)
# Map with PROT_EXEC.
allow $1 $1_tmpfs:file execute;
+neverallow { $1 -shell } { domain -$1 }:file no_rw_file_perms;
+neverallow { appdomain -shell -$1 } $1:file no_rw_file_perms;
')
#####################################