Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / bacb6d79360f3591680b215177602dcdc3181bf3^! / . / private / untrusted_app_25.te
commitbacb6d79360f3591680b215177602dcdc3181bf3[log] [tgz]
authorJeff Vander Stoep <jeffv@google.com>Mon Feb 13 13:33:27 2017 -0800
committerJeff Vander Stoep <jeffv@google.com>Tue Feb 14 13:30:12 2017 -0800
tree43b043a9875a152858558f98f781ea2629aefcc2
parentf54b3622c70d9c0fbdd6cdf2eff89ec5dd5d7f16 [diff] [blame]
untrusted_app: policy versioning based on targetSdkVersion

Motivation:
Provide the ability to phase in new security policies by
applying them to apps with a minimum targetSdkVersion.

Place untrusted apps with targetSdkVersion<=25 into the
untrustd_app_25 domain. Apps with targetSdkVersion>=26 are placed
into the untrusted_app domain. Common rules are included in the
untrusted_app_all attribute. Apps with a more recent targetSdkVersion
are granted fewer permissions.

Test: Marlin builds and boots. Apps targeting targetSdkVersion<=25
run in untrusted_app_25 domain. Apps targeting the current development
build >=26 run in the untrusted_app domain with fewer permissions. No
new denials observed during testing.
Bug: 34115651
Bug: 35323421
Change-Id: Ie6a015566fac07c44ea06c963c40793fcdc9a083

diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
new file mode 100644
index 0000000..4f92649
--- /dev/null
+++ b/private/untrusted_app_25.te

@@ -0,0 +1,29 @@
+###
+### Untrusted_app_25
+###
+### This file defines the rules for untrusted apps running with
+### targetSdkVersion <= 25.
+###
+### Apps are labeled based on mac_permissions.xml (maps signer and
+### optionally package name to seinfo value) and seapp_contexts (maps UID
+### and optionally seinfo value to domain for process and type for data
+### directory).  The untrusted_app domain is the default assignment in
+### seapp_contexts for any app with UID between APP_AID (10000)
+### and AID_ISOLATED_START (99000) if the app has no specific seinfo
+### value as determined from mac_permissions.xml.  In current AOSP, this
+### domain is assigned to all non-system apps as well as to any system apps
+### that are not signed by the platform key.  To move
+### a system app into a specific domain, add a signer entry for it to
+### mac_permissions.xml and assign it one of the pre-existing seinfo values
+### or define and use a new seinfo value in both mac_permissions.xml and
+### seapp_contexts.
+###
+
+app_domain(untrusted_app_25)
+untrusted_app_domain(untrusted_app_25)
+net_domain(untrusted_app_25)
+bluetooth_domain(untrusted_app_25)
+
+# b/34115651 - net.dns* properties read
+# This will go away in a future Android release
+get_prop(untrusted_app_25, net_dns_prop)