| Jeff Vander Stoep | bacb6d7 | 2017-02-13 13:33:27 -0800 | [diff] [blame] | 1 | ### |
| 2 | ### Untrusted_app_25 |
| 3 | ### |
| 4 | ### This file defines the rules for untrusted apps running with |
| 5 | ### targetSdkVersion <= 25. |
| 6 | ### |
| 7 | ### Apps are labeled based on mac_permissions.xml (maps signer and |
| 8 | ### optionally package name to seinfo value) and seapp_contexts (maps UID |
| 9 | ### and optionally seinfo value to domain for process and type for data |
| 10 | ### directory). The untrusted_app domain is the default assignment in |
| 11 | ### seapp_contexts for any app with UID between APP_AID (10000) |
| 12 | ### and AID_ISOLATED_START (99000) if the app has no specific seinfo |
| 13 | ### value as determined from mac_permissions.xml. In current AOSP, this |
| 14 | ### domain is assigned to all non-system apps as well as to any system apps |
| 15 | ### that are not signed by the platform key. To move |
| 16 | ### a system app into a specific domain, add a signer entry for it to |
| 17 | ### mac_permissions.xml and assign it one of the pre-existing seinfo values |
| 18 | ### or define and use a new seinfo value in both mac_permissions.xml and |
| 19 | ### seapp_contexts. |
| 20 | ### |
| 21 | |
| Alex Klyubin | f5446eb | 2017-03-23 14:27:32 -0700 | [diff] [blame] | 22 | typeattribute untrusted_app_25 coredomain; |
| 23 | |
| Jeff Vander Stoep | bacb6d7 | 2017-02-13 13:33:27 -0800 | [diff] [blame] | 24 | app_domain(untrusted_app_25) |
| 25 | untrusted_app_domain(untrusted_app_25) |
| 26 | net_domain(untrusted_app_25) |
| 27 | bluetooth_domain(untrusted_app_25) |
| 28 | |
| Jeff Vander Stoep | bacb6d7 | 2017-02-13 13:33:27 -0800 | [diff] [blame] | 29 | # b/34115651 - net.dns* properties read |
| 30 | # This will go away in a future Android release |
| 31 | get_prop(untrusted_app_25, net_dns_prop) |
| Nick Kralevich | 50bb7b5 | 2017-03-03 12:17:49 -0800 | [diff] [blame] | 32 | |
| 33 | # b/35917228 - /proc/misc access |
| 34 | # This will go away in a future Android release |
| 35 | allow untrusted_app_25 proc_misc:file r_file_perms; |
| Nick Kralevich | b4f354f | 2017-03-04 20:09:10 -0800 | [diff] [blame] | 36 | |
| 37 | # Access to /proc/tty/drivers, to allow apps to determine if they |
| 38 | # are running in an emulated environment. |
| 39 | # b/33214085 b/33814662 b/33791054 b/33211769 |
| 40 | # https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java |
| 41 | # This will go away in a future Android release |
| 42 | allow untrusted_app_25 proc_tty_drivers:file r_file_perms; |
| Jeff Vander Stoep | 7a4af30 | 2018-04-10 12:47:48 -0700 | [diff] [blame] | 43 | |
| Nick Kralevich | f3eb985 | 2018-08-07 15:14:34 -0700 | [diff] [blame] | 44 | # Text relocation support for API < 23 |
| 45 | # https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23 |
| 46 | allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod; |
| Yabin Cui | 5dc2c8c | 2018-11-02 11:12:43 -0700 | [diff] [blame] | 47 | |
| 48 | # The ability to call exec() on files in the apps home directories |
| 49 | # for targetApi<=25. This is also allowed for targetAPIs 26, 27, |
| 50 | # and 28 in untrusted_app_27.te. |
| 51 | allow untrusted_app_25 app_data_file:file execute_no_trans; |