Split preloads into media_file and data_file

Untrusted apps should only be able to access the /data/preloads/media and /data/preloads/demo directories.

Bug: 36197686
Test: Verified retail mode.
      Checked non-privileged APK cannot access /data/preloads
Change-Id: I8e9c21ff6aba799aa31bf06893cdf60dafc04446
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 2f8066a..15ab764 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -97,3 +97,6 @@
 # Avoid reads from generically labeled /proc files
 # Create a more specific label if needed
 neverallow all_untrusted_apps proc:file { no_rw_file_perms no_x_file_perms };
+
+# Do not allow untrusted apps access to preloads data files
+neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
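Review bot: The added neverallow is narrower than its comment suggests, because it covers only the `file` class with `no_rw_file_perms`. Unlike the `proc:file` rule directly above, it omits the execute permissions, and nothing here stops a later change from granting directory listing on `preloads_data_file:dir` back to an untrusted domain. Consider `neverallow all_untrusted_apps preloads_data_file:file { no_rw_file_perms no_x_file_perms };`, plus a companion `dir` rule that leaves only traversal permitted. Whether any untrusted domain outside this page still needs more than `search` on the directory is not visible here and should be checked first.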
diff --git a/private/file_contexts b/private/file_contexts
index 03ab637..2f009ac 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -291,6 +291,8 @@
 /data/nativetest64(/.*)?	u:object_r:nativetest_data_file:s0
 /data/property(/.*)?	u:object_r:property_data_file:s0
 /data/preloads(/.*)?	u:object_r:preloads_data_file:s0
+/data/preloads/media(/.*)?	u:object_r:preloads_media_file:s0
+/data/preloads/demo(/.*)?	u:object_r:preloads_media_file:s0
 
 # Misc data
 /data/misc/adb(/.*)?            u:object_r:adb_keys_file:s0
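Review bot: The two new `preloads_media_file` entries only take effect when the paths are labelled or relabelled. A device that already has /data/preloads/media or /data/preloads/demo populated keeps `preloads_data_file` on those files until a recursive restorecon runs over them. Because this commit also removes the untrusted_app_all read rules for `preloads_data_file`, that case fails closed, but preloaded media would be unreadable to apps until the relabel happens. This page shows neither where /data/preloads is relabelled nor where `preloads_media_file` is declared, so both are worth confirming. A comment above the entries would also help, for example `# media/ and demo/ are readable by untrusted apps; everything else under /data/preloads is not`.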
diff --git a/private/platform_app.te b/private/platform_app.te
index 2817e5a..6b18d8f 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -56,5 +56,7 @@
 # Access to /data/preloads
 allow platform_app preloads_data_file:file r_file_perms;
 allow platform_app preloads_data_file:dir r_dir_perms;
+allow platform_app preloads_media_file:file r_file_perms;
+allow platform_app preloads_media_file:dir r_dir_perms;
 
 read_runtime_log_tags(platform_app)
diff --git a/private/priv_app.te b/private/priv_app.te
index 76dbb98..83a4b3f 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -96,6 +96,8 @@
 # Access to /data/preloads
 allow priv_app preloads_data_file:file r_file_perms;
 allow priv_app preloads_data_file:dir r_dir_perms;
+allow priv_app preloads_media_file:file r_file_perms;
+allow priv_app preloads_media_file:dir r_dir_perms;
 
 # TODO: revert this as part of fixing 33574909
 # android.process.media uses /dev/mtp_usb
diff --git a/private/system_server.te b/private/system_server.te
index d78c576..f25e8ce 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -599,6 +599,8 @@
 # Access to /data/preloads
 allow system_server preloads_data_file:file { r_file_perms unlink };
 allow system_server preloads_data_file:dir { r_dir_perms write remove_name rmdir };
+allow system_server preloads_media_file:file { r_file_perms unlink };
+allow system_server preloads_media_file:dir { r_dir_perms write remove_name rmdir };
 
 r_dir_file(system_server, cgroup)
 allow system_server ion_device:chr_file r_file_perms;
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 6534412..993b3d0 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -88,6 +88,7 @@
 allow untrusted_app_all sysfs_hwrandom:dir search;
 allow untrusted_app_all sysfs_hwrandom:file r_file_perms;
 
-# Allow apps to view preloaded content
-allow untrusted_app_all preloads_data_file:dir r_dir_perms;
-allow untrusted_app_all preloads_data_file:file r_file_perms;
+# Allow apps to view preloaded media content
+allow untrusted_app_all preloads_media_file:dir r_dir_perms;
+allow untrusted_app_all preloads_media_file:file r_file_perms;
+allow untrusted_app_all preloads_data_file:dir search;
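Review bot: The last added line, `allow untrusted_app_all preloads_data_file:dir search;`, sits under a comment about viewing media content and has no explanation of its own. It reads like a leftover grant on the restricted type rather than a deliberate one. It is presumably needed because /data/preloads itself stays labelled `preloads_data_file` and apps must traverse it to reach media/ and demo/. Say so with a comment such as `# search only: traverse /data/preloads to reach media/ and demo/; no listing or file reads`. The heading comment could also mention the demo directory, since file_contexts maps it to the same type.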