Disallow new untrusted_app access to /proc/tty/drivers Access is deprecated for apps with targetSdkVersion=26+. Test: build (neverallow rules are build time assertions) Change-Id: I36480c38d45cf6bfb75f4988ffcefefc6b62d4b1

commit: ff511cb5dba4f970f586a8e9e87d879f13b0bacd [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Fri Sep 07 07:39:28 2018 -0700
committer: Jeff Vander Stoep <jeffv@google.com> Fri Sep 07 07:39:28 2018 -0700
tree: 87b205de802d3a083dd91b5b8fc84b89fea25028
parent: ac4b6478c13a11d24555f0f1d10cd8c098b7586d [diff] [blame]
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 8c53030..1c1deb0 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te

@@ -265,3 +265,11 @@
 
 # Untrusted apps are not allowed to find mediaextractor update service.
 neverallow all_untrusted_apps mediaextractor_update_service:service_manager find;
+
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+# This will go away in a future Android release
+neverallow { all_untrusted_apps -untrusted_app_25 } proc_tty_drivers:file r_file_perms;
+neverallow all_untrusted_apps proc_tty_drivers:file ~r_file_perms;
commit	ff511cb5dba4f970f586a8e9e87d879f13b0bacd	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Fri Sep 07 07:39:28 2018 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	Fri Sep 07 07:39:28 2018 -0700
tree	87b205de802d3a083dd91b5b8fc84b89fea25028
parent	ac4b6478c13a11d24555f0f1d10cd8c098b7586d [diff] [blame]