Revert "untrusted_app_30: add new targetSdk domain"
Revert "Ignore SELinux denials for all untrusted_app domains"
Revert "Update tests to check RTM_GETNEIGH{TBL} restrictions"
Revert submission 1748045-getneigh-enable-restrictions
Reason for revert: Breaks android.net.netlink.NetlinkSocketTest#testBasicWorkingGetNeighborsQuery with permissions error.
Bug: 192406650
Reverted Changes:
Iea29a1b36:Ignore SELinux denials for all untrusted_app domai...
I14b755020:Update tests to check RTM_GETNEIGH{TBL} restrictio...
I32ebb407b:untrusted_app_30: add new targetSdk domain
I8598662b7:libsepol: trigger new RTM_GETNEIGH{TBL} behavior
Change-Id: I525544191520607fdd238b5ac55aa5132f679253
diff --git a/private/access_vectors b/private/access_vectors
index e8087c6..22f2ffa 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -395,7 +395,6 @@
nlmsg_read
nlmsg_write
nlmsg_readpriv
- nlmsg_getneigh
}
class netlink_tcpdiag_socket
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 5c41b02..e64462e 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -11,7 +11,6 @@
untrusted_app_25
untrusted_app_27
untrusted_app_29
- untrusted_app_30
untrusted_app_all
}')
# Receive or send uevent messages.
@@ -120,15 +119,6 @@
# Disallow sending RTM_GETLINK messages on netlink sockets.
neverallow all_untrusted_apps domain:netlink_route_socket { bind nlmsg_readpriv };
-# Disallow sending RTM_GETNEIGH{TBL} messages on netlink sockets.
-neverallow {
- all_untrusted_apps
- -untrusted_app_25
- -untrusted_app_27
- -untrusted_app_29
- -untrusted_app_30
-} domain:netlink_route_socket nlmsg_getneigh;
-
# Do not allow untrusted apps access to /cache
neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:file ~{ read getattr };
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 358d6c3..f9e073e 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -9,5 +9,4 @@
camera2_extensions_prop
power_stats_service
transformer_service
- untrusted_app_30
))
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 38fecef..1d38fd9 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -168,8 +168,7 @@
user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user
user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user
user=_app isPrivApp=true name=com.google.android.gsf domain=gmscore_app type=privapp_data_file levelFrom=user
-user=_app minTargetSdkVersion=32 domain=untrusted_app type=app_data_file levelFrom=all
-user=_app minTargetSdkVersion=30 domain=untrusted_app_30 type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=30 domain=untrusted_app type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
diff --git a/private/untrusted_app.te b/private/untrusted_app.te
index 62d458d..6e7a99c 100644
--- a/private/untrusted_app.te
+++ b/private/untrusted_app.te
@@ -2,7 +2,7 @@
### Untrusted apps.
###
### This file defines the rules for untrusted apps running with
-### targetSdkVersion >= 32.
+### targetSdkVersion >= 30.
###
### See public/untrusted_app.te for more information about which apps are
### placed in this selinux domain.
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index 8f5eb88..82c07ff 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -48,6 +48,3 @@
# Read /mnt/sdcard symlink.
allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms;
-
-# allow sending RTM_GETNEIGH{TBL} messages.
-allow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh;
diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index db3669b..7a326a5 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -36,6 +36,3 @@
# Read /mnt/sdcard symlink.
allow untrusted_app_27 mnt_sdcard_file:lnk_file r_file_perms;
-
-# allow sending RTM_GETNEIGH{TBL} messages.
-allow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh;
diff --git a/private/untrusted_app_29.te b/private/untrusted_app_29.te
index 76f86f7..d03f399 100644
--- a/private/untrusted_app_29.te
+++ b/private/untrusted_app_29.te
@@ -14,6 +14,3 @@
untrusted_app_domain(untrusted_app_29)
net_domain(untrusted_app_29)
bluetooth_domain(untrusted_app_29)
-
-# allow sending RTM_GETNEIGH{TBL} messages.
-allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh;
diff --git a/private/untrusted_app_30.te b/private/untrusted_app_30.te
deleted file mode 100644
index 97393d9..0000000
--- a/private/untrusted_app_30.te
+++ /dev/null
@@ -1,21 +0,0 @@
-###
-### Untrusted apps.
-###
-### This file defines the rules for untrusted apps running with
-### 29 < targetSdkVersion <= 31.
-###
-### See public/untrusted_app.te for more information about which apps are
-### placed in this selinux domain.
-###
-### TODO(b/192334803): Merge this policy into untrusted_app_29 when possible
-###
-
-typeattribute untrusted_app_30 coredomain;
-
-app_domain(untrusted_app_30)
-untrusted_app_domain(untrusted_app_30)
-net_domain(untrusted_app_30)
-bluetooth_domain(untrusted_app_30)
-
-# allow sending RTM_GETNEIGH{TBL} messages.
-allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh;
diff --git a/public/net.te b/public/net.te
index 714bcde..e90715e 100644
--- a/public/net.te
+++ b/public/net.te
@@ -20,16 +20,14 @@
# See changes to the routing table.
allow netdomain self:netlink_route_socket { create read getattr write setattr lock append connect getopt setopt shutdown nlmsg_read };
# b/141455849 gate RTM_GETLINK with a new permission nlmsg_readpriv and block access from
-# untrusted_apps.
-# b/171572148 gate RTM_GETNEIGH{TBL} with a new permission nlmsg_getneigh and block access from
-# untrusted_apps. Some untrusted apps (e.g. untrusted_app_25-30) are granted access elsewhere
+# untrusted_apps. Some untrusted apps (e.g. untrusted_app_25-29) are granted access elsewhere
# to avoid app-compat breakage.
allow {
netdomain
-ephemeral_app
-mediaprovider
-untrusted_app_all
-} self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh };
+} self:netlink_route_socket { bind nlmsg_readpriv };
# Talks to netd via dnsproxyd socket.
unix_socket_connect(netdomain, dnsproxyd, netd)
diff --git a/public/untrusted_app.te b/public/untrusted_app.te
index 0a67614..43fe19a 100644
--- a/public/untrusted_app.te
+++ b/public/untrusted_app.te
@@ -17,12 +17,9 @@
###
# This file defines the rules for untrusted apps running with
-# targetSdkVersion >= 32.
+# targetSdkVersion >= 30.
type untrusted_app, domain;
# This file defines the rules for untrusted apps running with
-# 29 < targetSdkVersion <= 31.
-type untrusted_app_30, domain;
-# This file defines the rules for untrusted apps running with
# targetSdkVersion = 29.
type untrusted_app_29, domain;
# This file defines the rules for untrusted apps running with