Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / ae72bf241d4fb85685068950e3d4da5d7f4589e3 / . / autoplay_app.te
blob: 19e337b029f6e7a3a11b2359bf61bc1afa05695c [file] [log] [blame]
Jeff Vander Stoep400d3ac2015-10-30 12:43:19 -0700[diff] [blame]1###
2### AutoPlay apps.
3###
4### This file defines the security policy for apps with the autoplay
5### feature.
6###
7### The autoplay_app domain is a reduced permissions sandbox allowing
8### ephemeral applications to be safely installed and run. Non ephemeral
9### applications may also opt-in to autoplay to take advantage of the
10### additional security features.
11###
12### PackageManager flags an app as autoplay at install time.
13type autoplay_app, domain;
Jeff Vander Stoepae72bf22015-11-25 09:41:05 -0800[diff] [blame^]14
15# allow JITing
16allow autoplay_app self:process execmem;
17allow autoplay_app ashmem_device:chr_file execute;
18
19# Define and allow access to our own type for ashmem regions.
20# Label ashmem objects with our own unique type.
21tmpfs_domain(autoplay_app)
22# Map with PROT_EXEC.
23allow autoplay_app autoplay_app_tmpfs:file execute;
24
25# Send logcat messages to logd.
26write_logd(autoplay_app)
27
28# Receive and use open file descriptors inherited from zygote.
29allow autoplay_app zygote:fd use;
30
31# Notify zygote of death;
32allow autoplay_app zygote:process sigchld;
33
34# application inherit logd write socket (urge is to deprecate this long term)
35allow autoplay_app zygote:unix_dgram_socket write;
36
37# App sandbox file accesses.
38allow autoplay_app autoplay_data_file:dir create_dir_perms;
39allow autoplay_app autoplay_data_file:{ file sock_file fifo_file } create_file_perms;
40
41# For /acct/uid/*/tasks.
42allow autoplay_app cgroup:dir { search write };
43allow autoplay_app cgroup:file w_file_perms;
44
45# For art.
46allow autoplay_app dalvikcache_data_file:file { execute r_file_perms };
47allow autoplay_app dalvikcache_data_file:lnk_file r_file_perms;
48allow autoplay_app dalvikcache_data_file:dir getattr;
49
50# debugfs access
51allow autoplay_app debugfs:dir r_dir_perms;
52allow autoplay_app debugfs:file w_file_perms;
53
54# Grant GPU access. autoplay_app needs that to render the standard UI.
55allow autoplay_app gpu_device:chr_file rw_file_perms;
56
57# Use the Binder.
58binder_use(autoplay_app)
59# Perform binder IPC to binder services.
60binder_call(autoplay_app, surfaceflinger)
61binder_call(autoplay_app, system_server)
62
63# Allow read access to ion memory allocation device
64allow autoplay_app ion_device:chr_file { read open };
65
66# Use pipes and sockets provided by system_server via binder or local socket.
67allow autoplay_app system_server:fifo_file rw_file_perms;
68allow autoplay_app system_server:unix_stream_socket { read write setopt getattr getopt shutdown };
69allow autoplay_app system_server:tcp_socket { read write getattr getopt shutdown };
70
71# Inherit or receive open files from system_server.
72allow autoplay_app system_server:fd use;
73
74# Communicate with surfaceflinger.
75allow autoplay_app surfaceflinger:unix_stream_socket { read write setopt getattr getopt shutdown };
76
77# Read files already opened under /data.
78allow autoplay_app system_data_file:file { getattr read };
79allow autoplay_app system_data_file:lnk_file read;
80
81# System file accesses. Check for libraries
82allow autoplay_app system_file:dir getattr;
83
84###
85### neverallow rules
86###
87
88# Receive or send uevent messages.
89neverallow autoplay_app domain:netlink_kobject_uevent_socket *;
90
91# Receive or send generic netlink messages
92neverallow autoplay_app domain:netlink_socket *;
93
94# Too much leaky information in debugfs. It's a security
95# best practice to ensure these files aren't readable.
96neverallow autoplay_app debugfs:file read;
97
98# execute gpu_device
99neverallow autoplay_app gpu_device:chr_file execute;