Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / b61bcc87edf6be86eac50a8007330511d1fa5a59^! / .
commitb61bcc87edf6be86eac50a8007330511d1fa5a59[log] [tgz]
authorZim <zezeozue@google.com>Thu Apr 08 12:20:26 2021 +0100
committerZimuzo Ezeozue <zezeozue@google.com>Tue Apr 13 14:56:44 2021 +0000
tree088205df65e63ad5fc3cc53af9ef02992da3c6b4
parent2bac3f308d06fee74a6a7f8f31f4855c85b14f34 [diff]
Allow appdomain sepolicy search access to /mnt/media_rw

untrusted apps were already granted this policy and we now extend it
to all apps. This allows FileManager apps with the
MANAGE_EXTERNAL_STORAGE permisssion to access USB OTG volumes mounted
on /mnt/media_rw/<vol>.

This permission access in the framework is implemented by granting
those apps the external_storage gid. And at the same time USB volumes
will be mounted on /mnt/media_rw/<vol> with the external_storage gid.
There is no concern of interferring with FUSE on USB volumes because
they are not FUSE mounted.

For sdcards (non-USB) volumes mounted on /mnt/media_rw/<vol>, those
volumes are mounted with the media_rw gid, so even though they are
FUSE mounted on /storage/<vol>, arbitrary apps cannot access the
/mnt/media_rw path since only the FUSE daemon is granted the media_rw
gid.

Test: Manual
Bug: 182732333
Change-Id: I70a3eb1f60f32d051f44253b0db2c7b852d79ba1

diff --git a/private/app.te b/private/app.te
index 0c81515..126f11f 100644
--- a/private/app.te
+++ b/private/app.te

@@ -34,6 +34,9 @@
 # Apps should not be reading vendor-defined properties.
 dontaudit appdomain vendor_default_prop:file read;
 
+# Access to /mnt/media_rw/<vol> (limited by DAC to apps with external_storage gid)
+allow appdomain mnt_media_rw_file:dir search;
+
 neverallow appdomain system_server:udp_socket {
         accept append bind create ioctl listen lock name_bind
         relabelfrom relabelto setattr shutdown };

diff --git a/private/system_app.te b/private/system_app.te
index 58322b8..48d5f9d 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -21,9 +21,6 @@
 allow system_app misc_user_data_file:dir create_dir_perms;
 allow system_app misc_user_data_file:file create_file_perms;
 
-# Access to vold-mounted storage for measuring free space
-allow system_app mnt_media_rw_file:dir search;
-
 # Access to apex files stored on /data (b/136063500)
 # Needed so that Settings can access NOTICE files inside apex
 # files located in the assets/ directory.

diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index d57939b..6064c14 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te

@@ -84,10 +84,6 @@
 allow untrusted_app_all media_rw_data_file:dir create_dir_perms;
 allow untrusted_app_all media_rw_data_file:file create_file_perms;
 
-# Traverse into /mnt/media_rw for bypassing FUSE daemon
-# TODO: narrow this to just MediaProvider
-allow untrusted_app_all mnt_media_rw_file:dir search;
-
 # allow cts to query all services
 allow untrusted_app_all servicemanager:service_manager list;