Exempt older vendor images from recent mls changes.
We no longer allow apps with mlstrustedsubject access to app_data_file
or privapp_data_file. For compatibility we grant access to all apps on
vendor images for SDK <= 30, whether mlstrustedsubject or not. (The
ones that are not already have access, but that is harmless.)
Additionally we have started adding categories to system_data_file
etc. We treat these older vendor apps as trusted for those types only.
The result is that apps on older vendor images still have all the
access they used to but no new access.
We add a neverallow to prevent the compatibility attribute being
abused.
Test: builds
Change-Id: I10a885b6a122292f1163961b4a3cf3ddcf6230ad
diff --git a/private/mls b/private/mls
index 593b316..0e0995c 100644
--- a/private/mls
+++ b/private/mls
@@ -74,7 +74,8 @@
# Read operations: Subject must dominate object unless the subject
# or the object is trusted.
mlsconstrain dir { read getattr search }
- (t2 == app_data_file_type or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+ (t2 == app_data_file_type or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject
+ or (t1 == mlsvendorcompat and (t2 == system_data_file or t2 == user_profile_data_file) ) );
mlsconstrain { file lnk_file sock_file chr_file blk_file } { read getattr execute }
(t2 == app_data_file_type or t2 == appdomain_tmpfs or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);