Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / e427a2b2beb0e3e1eb6e93227a10f3f4d840e440^! / .
commite427a2b2beb0e3e1eb6e93227a10f3f4d840e440[log] [tgz]
authorNick Kralevich <nnk@google.com>Wed Jan 04 08:43:09 2017 -0800
committerNick Kralevich <nnk@google.com>Wed Jan 04 08:43:09 2017 -0800
tree8b5d7ef3fdd9cde3534aeb1384dbe020fdc3bbef
parent11c1b18f61db7878866dfba4a7995d088c1d447c [diff]
untrusted_app: allow access to /proc/tty/drivers

/proc/tty/drivers is read by applications to figure out if they are
running in an emulated environment. Specifically, they look for the
string "goldfish" within that file.

Arguably this is not an Android API, and really shouldn't be exposed to
applications, but:

1) A largish number of applications break if they can't read this file;
2) The information here isn't particularly sensitive

While we could spend a bunch of time trying to get applications fixed,
there are bigger fish to fry. It's not worth the battle.

Test: "ls -laZ /proc/tty/drivers" is labeled properly.
Bug: 33214085
Bug: 33814662
Bug: 33791054
Bug: 33211769
Bug: 26813932
Change-Id: Icc05bdc1c917547a6dca7d76636a1009369bde49

diff --git a/private/genfs_contexts b/private/genfs_contexts
index bb2fea9..f701685 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts

@@ -29,6 +29,7 @@
 genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
 genfscon proc /timer_list u:object_r:proc_timer:s0
 genfscon proc /timer_stats u:object_r:proc_timer:s0
+genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
 genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
 genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
 genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0

diff --git a/public/file.te b/public/file.te
index 66680e6..6184eef 100644
--- a/public/file.te
+++ b/public/file.te

@@ -20,6 +20,7 @@
 type proc_stat, fs_type;
 type proc_sysrq, fs_type;
 type proc_timer, fs_type;
+type proc_tty_drivers, fs_type;
 type proc_uid_cputime_showstat, fs_type;
 type proc_uid_cputime_removeuid, fs_type;
 type proc_zoneinfo, fs_type;

diff --git a/public/untrusted_app.te b/public/untrusted_app.te
index 48662f3..8273342 100644
--- a/public/untrusted_app.te
+++ b/public/untrusted_app.te

@@ -97,6 +97,12 @@
 allow untrusted_app preloads_data_file:dir r_dir_perms;
 allow untrusted_app preloads_data_file:file r_file_perms;
 
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+allow untrusted_app proc_tty_drivers:file r_file_perms;
+
 ###
 ### neverallow rules
 ###