Blame - private/system_app.te - android_system_sepolicy

blob: 245496f8f304cb785c2d5a60e36534cdfa16a0e7 [file] [log] [blame]

Alex Klyubin	b5853c3	2017-01-05 17:18:32 -0800	[diff] [blame]	1	###
				2	### Apps that run with the system UID, e.g. com.android.system.ui,
				3	### com.android.settings. These are not as privileged as the system
				4	### server.
				5	###
				6
Alex Klyubin	f5446eb	2017-03-23 14:27:32 -0700	[diff] [blame]	7	typeattribute system_app coredomain;
Alex Klyubin	b5853c3	2017-01-05 17:18:32 -0800	[diff] [blame]	8
dcashman	3e8dbf0	2016-12-08 11:23:34 -0800	[diff] [blame]	9	app_domain(system_app)
Alex Klyubin	b5853c3	2017-01-05 17:18:32 -0800	[diff] [blame]	10	net_domain(system_app)
				11	binder_service(system_app)
				12
Jeff Vander Stoep	a12aad4	2017-07-10 20:39:50 -0700	[diff] [blame]	13	# android.ui and system.ui
				14	allow system_app rootfs:dir getattr;
				15
Alex Klyubin	b5853c3	2017-01-05 17:18:32 -0800	[diff] [blame]	16	# Read and write /data/data subdirectory.
				17	allow system_app system_app_data_file:dir create_dir_perms;
				18	allow system_app system_app_data_file:{ file lnk_file } create_file_perms;
				19
				20	# Read and write to /data/misc/user.
				21	allow system_app misc_user_data_file:dir create_dir_perms;
				22	allow system_app misc_user_data_file:file create_file_perms;
				23
				24	# Access to vold-mounted storage for measuring free space
				25	allow system_app mnt_media_rw_file:dir search;
				26
				27	# Read wallpaper file.
				28	allow system_app wallpaper_file:file r_file_perms;
				29
				30	# Read icon file.
				31	allow system_app icon_file:file r_file_perms;
				32
				33	# Write to properties
Jaekyun Seok	224921d	2018-04-09 12:07:32 +0900	[diff] [blame]	34	set_prop(system_app, bluetooth_a2dp_offload_prop)
Alex Klyubin	b5853c3	2017-01-05 17:18:32 -0800	[diff] [blame]	35	set_prop(system_app, bluetooth_prop)
				36	set_prop(system_app, debug_prop)
				37	set_prop(system_app, system_prop)
Jaekyun Seok	224921d	2018-04-09 12:07:32 +0900	[diff] [blame]	38	set_prop(system_app, exported_bluetooth_prop)
Jaekyun Seok	e497145	2017-10-19 16:54:49 +0900	[diff] [blame]	39	set_prop(system_app, exported_system_prop)
				40	set_prop(system_app, exported2_system_prop)
				41	set_prop(system_app, exported3_system_prop)
Alex Klyubin	b5853c3	2017-01-05 17:18:32 -0800	[diff] [blame]	42	set_prop(system_app, logd_prop)
				43	set_prop(system_app, net_radio_prop)
				44	set_prop(system_app, system_radio_prop)
Jaekyun Seok	e497145	2017-10-19 16:54:49 +0900	[diff] [blame]	45	set_prop(system_app, exported_system_radio_prop)
Alex Klyubin	b5853c3	2017-01-05 17:18:32 -0800	[diff] [blame]	46	set_prop(system_app, log_tag_prop)
				47	userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
				48	auditallow system_app net_radio_prop:property_service set;
				49	auditallow system_app system_radio_prop:property_service set;
Jaekyun Seok	e497145	2017-10-19 16:54:49 +0900	[diff] [blame]	50	auditallow system_app exported_system_radio_prop:property_service set;
Alex Klyubin	b5853c3	2017-01-05 17:18:32 -0800	[diff] [blame]	51
				52	# ctl interface
				53	set_prop(system_app, ctl_default_prop)
				54	set_prop(system_app, ctl_bugreport_prop)
				55
				56	# Create /data/anr/traces.txt.
				57	allow system_app anr_data_file:dir ra_dir_perms;
				58	allow system_app anr_data_file:file create_file_perms;
				59
				60	# Settings need to access app name and icon from asec
				61	allow system_app asec_apk_file:file r_file_perms;
				62
Bookatz	022ab0e	2018-02-13 09:33:36 -0800	[diff] [blame]	63	# Allow system apps (like Settings) to interact with statsd
				64	binder_call(system_app, statsd)
				65
Joe Onorato	41f93db	2016-11-20 23:23:04 -0800	[diff] [blame]	66	# Allow system apps to interact with incidentd
				67	binder_call(system_app, incidentd)
				68
Alex Klyubin	b5853c3	2017-01-05 17:18:32 -0800	[diff] [blame]	69	allow system_app servicemanager:service_manager list;
				70	# TODO: scope this down? Too broad?
Dan Cashman	91d398d	2017-09-26 12:58:29 -0700	[diff] [blame]	71	allow system_app {
				72	service_manager_type
Martijn Coenen	ac097ac	2018-08-17 09:35:42 +0200	[diff] [blame]	73	-apex_service
Dan Cashman	91d398d	2017-09-26 12:58:29 -0700	[diff] [blame]	74	-dumpstate_service
				75	-installd_service
				76	-netd_service
				77	-virtual_touchpad_service
				78	-vold_service
				79	-vr_hwc_service
				80	}:service_manager find;
Jeff Vander Stoep	2d32d81	2017-10-13 13:33:46 -0700	[diff] [blame]	81	# suppress denials for services system_app should not be accessing.
				82	dontaudit system_app {
				83	dumpstate_service
				84	installd_service
				85	netd_service
				86	virtual_touchpad_service
				87	vold_service
				88	vr_hwc_service
				89	}:service_manager find;
Alex Klyubin	b5853c3	2017-01-05 17:18:32 -0800	[diff] [blame]	90
				91	allow system_app keystore:keystore_key {
				92	get_state
				93	get
				94	insert
				95	delete
				96	exist
				97	list
				98	reset
				99	password
				100	lock
				101	unlock
				102	is_empty
				103	sign
				104	verify
				105	grant
				106	duplicate
				107	clear_uid
				108	user_changed
				109	};
				110
Jeff Vander Stoep	7a4af30	2018-04-10 12:47:48 -0700	[diff] [blame]	111	# /proc/net access.
				112	# TODO(b/9496886) Audit access for removal.
				113	r_dir_file(system_app, proc_net_type)
				114	userdebug_or_eng(`
				115	auditallow system_app proc_net_type:{ dir file lnk_file } { getattr open read };
				116	')
				117
Tri Vo	06d7dca	2018-01-10 12:51:51 -0800	[diff] [blame]	118	# settings app reads /proc/version
Jeff Vander Stoep	c975bd9	2017-09-27 12:27:03 -0700	[diff] [blame]	119	allow system_app {
Jeff Vander Stoep	c975bd9	2017-09-27 12:27:03 -0700	[diff] [blame]	120	proc_version
				121	}:file r_file_perms;
Jeff Vander Stoep	c15d54e	2017-07-25 16:43:49 -0700	[diff] [blame]	122
Alex Klyubin	b5853c3	2017-01-05 17:18:32 -0800	[diff] [blame]	123	control_logd(system_app)
Mark Salyzyn	d33a9a1	2016-11-07 15:11:39 -0800	[diff] [blame]	124	read_runtime_log_tags(system_app)
Pavel Grafov	118e496	2018-01-18 17:22:28 +0000	[diff] [blame]	125	get_prop(system_app, device_logging_prop)
Nick Kralevich	45766d4	2017-04-26 11:40:48 -0700	[diff] [blame]	126
Nathan Harold	ee26864	2017-12-14 18:20:30 -0800	[diff] [blame]	127	# allow system apps to use UDP sockets provided by the system server but not
				128	# modify them other than to connect
Nathan Harold	252b015	2018-03-27 06:34:54 -0700	[diff] [blame]	129	allow system_app system_server:udp_socket {
				130	connect getattr read recvfrom sendto write getopt setopt };
Nathan Harold	ee26864	2017-12-14 18:20:30 -0800	[diff] [blame]	131
Nick Kralevich	45766d4	2017-04-26 11:40:48 -0700	[diff] [blame]	132	###
				133	### Neverallow rules
				134	###
				135
				136	# app domains which access /dev/fuse should not run as system_app
				137	neverallow system_app fuse_device:chr_file *;