blob: b6a80da36630870b3bcc663957b278c143bafbc0 [file] [log] [blame]
Alex Klyubinfce60d32017-01-05 12:27:10 -08001###
2### Untrusted apps.
3###
4### This file defines the rules for untrusted apps.
5### Apps are labeled based on mac_permissions.xml (maps signer and
6### optionally package name to seinfo value) and seapp_contexts (maps UID
7### and optionally seinfo value to domain for process and type for data
8### directory). The untrusted_app domain is the default assignment in
9### seapp_contexts for any app with UID between APP_AID (10000)
10### and AID_ISOLATED_START (99000) if the app has no specific seinfo
11### value as determined from mac_permissions.xml. In current AOSP, this
12### domain is assigned to all non-system apps as well as to any system apps
13### that are not signed by the platform key. To move
14### a system app into a specific domain, add a signer entry for it to
15### mac_permissions.xml and assign it one of the pre-existing seinfo values
16### or define and use a new seinfo value in both mac_permissions.xml and
17### seapp_contexts.
18###
19
dcashman3e8dbf02016-12-08 11:23:34 -080020app_domain(untrusted_app)
Alex Klyubinfce60d32017-01-05 12:27:10 -080021net_domain(untrusted_app)
22bluetooth_domain(untrusted_app)
dcashman2e00e632016-10-12 14:58:09 -070023
Nick Kralevich4e404292017-02-09 16:08:11 -080024# b/34115651 - net.dns* properties read
25# This will go away in a future Android release
26get_prop(untrusted_app, net_dns_prop)
27
dcashman2e00e632016-10-12 14:58:09 -070028# Allow the allocation and use of ptys
29# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
30create_pty(untrusted_app)
Alex Klyubinfce60d32017-01-05 12:27:10 -080031
32# Legacy text relocations
33allow untrusted_app apk_data_file:file execmod;
34
35# Some apps ship with shared libraries and binaries that they write out
36# to their sandbox directory and then execute.
37allow untrusted_app app_data_file:file { rx_file_perms execmod };
38
39# ASEC
40allow untrusted_app asec_apk_file:file r_file_perms;
41allow untrusted_app asec_apk_file:dir r_dir_perms;
42# Execute libs in asec containers.
43allow untrusted_app asec_public_file:file { execute execmod };
44
45# Used by Finsky / Android "Verify Apps" functionality when
46# running "adb install foo.apk".
47# TODO: Long term, we don't want apps probing into shell data files.
48# Figure out a way to remove these rules.
49allow untrusted_app shell_data_file:file r_file_perms;
50allow untrusted_app shell_data_file:dir r_dir_perms;
51
52# Read and write system app data files passed over Binder.
53# Motivating case was /data/data/com.android.settings/cache/*.jpg for
54# cropping or taking user photos.
55allow untrusted_app system_app_data_file:file { read write getattr };
56
57#
58# Rules migrated from old app domains coalesced into untrusted_app.
59# This includes what used to be media_app, shared_app, and release_app.
60#
61
62# Access to /data/media.
63allow untrusted_app media_rw_data_file:dir create_dir_perms;
64allow untrusted_app media_rw_data_file:file create_file_perms;
65
66# Traverse into /mnt/media_rw for bypassing FUSE daemon
67# TODO: narrow this to just MediaProvider
68allow untrusted_app mnt_media_rw_file:dir search;
69
70# allow cts to query all services
71allow untrusted_app servicemanager:service_manager list;
72
73allow untrusted_app audioserver_service:service_manager find;
74allow untrusted_app cameraserver_service:service_manager find;
75allow untrusted_app drmserver_service:service_manager find;
76allow untrusted_app mediaserver_service:service_manager find;
77allow untrusted_app mediaextractor_service:service_manager find;
78allow untrusted_app mediacodec_service:service_manager find;
Ray Essick39185402017-01-24 12:53:45 -080079allow untrusted_app mediametrics_service:service_manager find;
Alex Klyubinfce60d32017-01-05 12:27:10 -080080allow untrusted_app mediadrmserver_service:service_manager find;
81allow untrusted_app nfc_service:service_manager find;
82allow untrusted_app radio_service:service_manager find;
83allow untrusted_app surfaceflinger_service:service_manager find;
84allow untrusted_app app_api_service:service_manager find;
85
86# Allow GMS core to access perfprofd output, which is stored
87# in /data/misc/perfprofd/. GMS core will need to list all
88# data stored in that directory to process them one by one.
89userdebug_or_eng(`
90 allow untrusted_app perfprofd_data_file:file r_file_perms;
91 allow untrusted_app perfprofd_data_file:dir r_dir_perms;
92')
93
94# gdbserver for ndk-gdb ptrace attaches to app process.
95allow untrusted_app self:process ptrace;
96
97# Cts: HwRngTest
98allow untrusted_app sysfs_hwrandom:dir search;
99allow untrusted_app sysfs_hwrandom:file r_file_perms;
100
101# Allow apps to view preloaded content
102allow untrusted_app preloads_data_file:dir r_dir_perms;
103allow untrusted_app preloads_data_file:file r_file_perms;
104
105# Access to /proc/tty/drivers, to allow apps to determine if they
106# are running in an emulated environment.
107# b/33214085 b/33814662 b/33791054 b/33211769
108# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
109allow untrusted_app proc_tty_drivers:file r_file_perms;