Revert "Introduce app_data_file_type attribute."

This reverts commit 27e0c740f1894e9a390b7105255eb29401d25c35.

Reason for revert: b/172926597

Change-Id: Id2443446cbdf51dc05b303028377895b9cf2a09e
diff --git a/private/app_zygote.te b/private/app_zygote.te
index 98ef3ed..9285323 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@@ -93,7 +93,14 @@
 neverallow app_zygote property_type:property_service set;
 
 # Should not have any access to data files.
-neverallow app_zygote app_data_file_type:file { rwx_file_perms };
+neverallow app_zygote {
+    bluetooth_data_file
+    nfc_data_file
+    radio_data_file
+    shell_data_file
+    app_data_file
+    privapp_data_file
+}:file { rwx_file_perms };
 
 neverallow app_zygote {
     service_manager_type
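Review bot: The restored neverallow set under "Should not have any access to data files" leaves out `system_app_data_file`, which the webview_zygote.te rule and both system_server allow lists in this commit include. The removed attribute form appears to have covered it, since the system_server neverallow had to subtract it with `-system_app_data_file`. Unless app_zygote has a rule that needs this type (not visible here), add `system_app_data_file` to the set. The same narrowing shows in the last zygote.te hunk, where `neverallow zygote { privapp_data_file app_data_file }:dir ~getattr;` asserts on two of the six app data types zygote is allowed to getattr; a comment there saying why the other four are left out would mark the gap as deliberate. This hunk ends inside the following neverallow block.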
diff --git a/private/seapp_contexts b/private/seapp_contexts
index dedc315..487a577 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -79,8 +79,7 @@
 # domain= determines the label to be used for the app process; entries
 # without domain= are ignored for this purpose.
 # type= specifies the label to be used for the app data directory; entries
-# without type= are ignored for this purpose. The label specified must
-# have the app_data_file_type attribute.
+# without type= are ignored for this purpose.
 # levelFrom and level are used to determine the level (sensitivity + categories)
 # for MLS/MCS.
 # levelFrom=none omits the level.
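Review bot: Dropping the sentence about `app_data_file_type` leaves nothing in this header that tells a policy author what else must change when a new `type=` label is introduced. The neverallow rules restored in app_zygote.te, webview_zygote.te, system_server.te and zygote.te enumerate types by hand, and a neverallow does not check a type it does not list, so a missed update would not fail the build. I would add after the `type=` sentence: `# A new type= label must also be added to the explicit data file type lists in the private/*.te allow and neverallow rules.` The comment block this belongs to starts and ends outside the hunk.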
diff --git a/private/system_server.te b/private/system_server.te
index 889a11b..0d48554 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -519,7 +519,16 @@
 allow system_server staging_data_file:file create_file_perms;
 
 # Walk /data/data subdirectories.
-allow system_server app_data_file_type:dir { getattr read search };
+# Types extracted from seapp_contexts type= fields.
+allow system_server {
+  system_app_data_file
+  bluetooth_data_file
+  nfc_data_file
+  radio_data_file
+  shell_data_file
+  app_data_file
+  privapp_data_file
+}:dir { getattr read search };
 
 # Also permit for unlabeled /data/data subdirectories and
 # for unlabeled asec containers on upgrades from 4.2.
@@ -532,7 +541,16 @@
 allow system_server system_app_data_file:file create_file_perms;
 
 # Receive and use open app data files passed over binder IPC.
-allow system_server app_data_file_type:file { getattr read write append map };
+# Types extracted from seapp_contexts type= fields.
+allow system_server {
+  system_app_data_file
+  bluetooth_data_file
+  nfc_data_file
+  radio_data_file
+  shell_data_file
+  app_data_file
+  privapp_data_file
+}:file { getattr read write append map };
 
 # Access to /data/media for measuring disk usage.
 allow system_server media_rw_data_file:dir { search getattr open read };
@@ -1023,11 +1041,14 @@
 # system server should never be operating on zygote spawned app data
 # files directly. Rather, they should always be passed via a
 # file descriptor.
-# Exclude those types that system_server needs to open directly.
+# Types extracted from seapp_contexts type= fields, excluding
+# those types that system_server needs to open directly.
 neverallow system_server {
-  app_data_file_type
-  -system_app_data_file
-  -radio_data_file
+  bluetooth_data_file
+  nfc_data_file
+  shell_data_file
+  app_data_file
+  privapp_data_file
 }:file { open create unlink link };
 
 # Forking and execing is inherently dangerous and racy. See, for
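Review bot: The reworded comment says the list excludes the types system_server needs to open directly, but it no longer shows which ones; the removed lines named them as `-system_app_data_file` and `-radio_data_file`. In a positive list an intended omission looks the same as a forgotten one, so a later reader cannot tell whether a missing type is safe to add. I would put `# Intentionally not listed: system_app_data_file, radio_data_file (opened directly by system_server).` directly above the `neverallow system_server {` line.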
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index bdad219..969ab9c 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -103,7 +103,15 @@
 neverallow webview_zygote property_type:property_service set;
 
 # Should not have any access to app data files.
-neverallow webview_zygote app_data_file_type:file { rwx_file_perms };
+neverallow webview_zygote {
+    app_data_file
+    privapp_data_file
+    system_app_data_file
+    bluetooth_data_file
+    nfc_data_file
+    radio_data_file
+    shell_data_file
+}:file { rwx_file_perms };
 
 neverallow webview_zygote {
     service_manager_type
diff --git a/private/zygote.te b/private/zygote.te
index d3d08bf..fac9ad0 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -77,10 +77,15 @@
 
 allow zygote mirror_data_file:dir r_dir_perms;
 
-# Get inode of directories for app data isolation
+# Get inode of data directories
 allow zygote {
-  app_data_file_type
   system_data_file
+  radio_data_file
+  app_data_file
+  shell_data_file
+  bluetooth_data_file
+  privapp_data_file
+  nfc_data_file
   mnt_expand_file
 }:dir getattr;
 
@@ -240,4 +245,7 @@
 }:file create_file_perms;
 
 # Zygote should not be able to access app private data.
-neverallow zygote app_data_file_type:dir ~getattr;
+neverallow zygote {
+  privapp_data_file
+  app_data_file
+}:dir ~getattr;