Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 77a8ac9ab4a980d6c4759dc784ab8ea51a0e29da / . / private / system_app.te
blob: af9d168afe4f2154575ee6183e4d6958c8981fdb [file] [log] [blame]
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]1###
2### Apps that run with the system UID, e.g. com.android.system.ui,
3### com.android.settings. These are not as privileged as the system
4### server.
5###
6
Alan Stokes81e4e872020-02-11 14:43:05 +0000[diff] [blame]7typeattribute system_app coredomain, mlstrustedsubject;
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]8
dcashman3e8dbf02016-12-08 11:23:34 -0800[diff] [blame]9app_domain(system_app)
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]10net_domain(system_app)
11binder_service(system_app)
12
Jeff Vander Stoepa12aad42017-07-10 20:39:50 -0700[diff] [blame]13# android.ui and system.ui
14allow system_app rootfs:dir getattr;
15
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]16# Read and write /data/data subdirectory.
17allow system_app system_app_data_file:dir create_dir_perms;
18allow system_app system_app_data_file:{ file lnk_file } create_file_perms;
19
20# Read and write to /data/misc/user.
21allow system_app misc_user_data_file:dir create_dir_perms;
22allow system_app misc_user_data_file:file create_file_perms;
23
Andrew Sapperstein544a9b12019-06-28 15:28:28 +0000[diff] [blame]24# Access to apex files stored on /data (b/136063500)
25# Needed so that Settings can access NOTICE files inside apex
26# files located in the assets/ directory.
27allow system_app apex_data_file:dir search;
28allow system_app staging_data_file:file r_file_perms;
29
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]30# Read wallpaper file.
31allow system_app wallpaper_file:file r_file_perms;
32
33# Read icon file.
34allow system_app icon_file:file r_file_perms;
35
36# Write to properties
Chris Pauload2f8832022-11-12 21:36:02 +0000[diff] [blame]37set_prop(system_app, adaptive_haptics_prop)
Florian Mayer39f29f72021-12-21 12:06:31 -0800[diff] [blame]38set_prop(system_app, arm64_memtag_prop)
Jaekyun Seok224921d2018-04-09 12:07:32 +0900[diff] [blame]39set_prop(system_app, bluetooth_a2dp_offload_prop)
Cheney Nie55a74b2019-03-18 11:07:32 +0800[diff] [blame]40set_prop(system_app, bluetooth_audio_hal_prop)
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]41set_prop(system_app, bluetooth_prop)
42set_prop(system_app, debug_prop)
43set_prop(system_app, system_prop)
Jaekyun Seok224921d2018-04-09 12:07:32 +0900[diff] [blame]44set_prop(system_app, exported_bluetooth_prop)
Jaekyun Seoke4971452017-10-19 16:54:49 +0900[diff] [blame]45set_prop(system_app, exported_system_prop)
Jaekyun Seoke4971452017-10-19 16:54:49 +0900[diff] [blame]46set_prop(system_app, exported3_system_prop)
Super Liu078141a2021-12-13 09:57:20 +0800[diff] [blame]47set_prop(system_app, gesture_prop)
Neil Fuller8fa264d2022-09-28 08:52:46 +0000[diff] [blame]48set_prop(system_app, locale_prop)
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]49set_prop(system_app, logd_prop)
50set_prop(system_app, net_radio_prop)
Neil Fuller8fa264d2022-09-28 08:52:46 +0000[diff] [blame]51set_prop(system_app, timezone_prop)
Inseob Kimdc1e5012020-04-27 21:13:01 +0900[diff] [blame]52set_prop(system_app, usb_control_prop)
53set_prop(system_app, usb_prop)
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]54set_prop(system_app, log_tag_prop)
Kyle Zhang12c42b52023-09-28 21:10:17 +0000[diff] [blame]55set_prop(system_app, drm_forcel3_prop)
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]56userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
57auditallow system_app net_radio_prop:property_service set;
Inseob Kimdc1e5012020-04-27 21:13:01 +0900[diff] [blame]58auditallow system_app usb_control_prop:property_service set;
59auditallow system_app usb_prop:property_service set;
Hung-ying Tyan565384d2019-04-26 16:14:52 +0800[diff] [blame]60# Allow Settings to enable Dynamic System Update
61set_prop(system_app, dynamic_system_prop)
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]62
63# ctl interface
64set_prop(system_app, ctl_default_prop)
65set_prop(system_app, ctl_bugreport_prop)
66
Howard Chen7833aa42020-03-19 18:58:11 +0800[diff] [blame]67# Allow developer settings to query gsid status
68get_prop(system_app, gsid_prop)
69
Pawan Wagh60cc0b32023-08-29 00:09:29 +0000[diff] [blame]70# Allow developer settings to check 16k pages boot option status
71get_prop(system_app, enable_16k_pages_prop)
72
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]73# Create /data/anr/traces.txt.
74allow system_app anr_data_file:dir ra_dir_perms;
75allow system_app anr_data_file:file create_file_perms;
76
77# Settings need to access app name and icon from asec
78allow system_app asec_apk_file:file r_file_perms;
79
Bookatz022ab0e2018-02-13 09:33:36 -0800[diff] [blame]80# Allow system apps (like Settings) to interact with statsd
81binder_call(system_app, statsd)
82
Joe Onorato41f93db2016-11-20 23:23:04 -0800[diff] [blame]83# Allow system apps to interact with incidentd
84binder_call(system_app, incidentd)
85
Pawan Waghc35c8af2023-09-20 00:05:07 +0000[diff] [blame]86# Allow system apps (Settings) to call into update_engine
87# in order to apply update to switch from 4k kernel to 16K and vice-versa
88binder_use(system_app)
89allow system_app update_engine_stable_service:service_manager find;
90binder_call(system_app, update_engine)
91
Rambo Wang8950e7a2020-02-12 19:06:04 -0800[diff] [blame]92# Allow system app to interact with Dumpstate HAL
93hal_client_domain(system_app, hal_dumpstate)
94
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]95allow system_app servicemanager:service_manager list;
96# TODO: scope this down? Too broad?
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]97allow system_app {
98 service_manager_type
Martijn Coenenac097ac2018-08-17 09:35:42 +0200[diff] [blame]99 -apex_service
Luke Huang524f25e2019-02-25 20:12:15 +0800[diff] [blame]100 -dnsresolver_service
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]101 -dumpstate_service
102 -installd_service
Yifan Hong18ade862019-03-14 15:45:03 -0700[diff] [blame]103 -lpdump_service
paulhu70b0a772021-12-09 11:49:23 +0800[diff] [blame]104 -mdns_service
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]105 -netd_service
Michael Sun6445f192020-11-02 23:54:21 +0000[diff] [blame]106 -system_suspend_control_internal_service
Tri Vo131fa732019-02-07 13:29:39 -0800[diff] [blame]107 -system_suspend_control_service
Carmen Jacksona60d7f22021-06-23 16:53:45 -0700[diff] [blame]108 -tracingproxy_service
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]109 -virtual_touchpad_service
110 -vold_service
Steven Morelanda30464c2020-01-21 10:18:57 -0800[diff] [blame]111 -default_android_service
Dan Cashman91d398d2017-09-26 12:58:29 -0700[diff] [blame]112}:service_manager find;
Jeff Vander Stoep2d32d812017-10-13 13:33:46 -0700[diff] [blame]113# suppress denials for services system_app should not be accessing.
114dontaudit system_app {
Luke Huang524f25e2019-02-25 20:12:15 +0800[diff] [blame]115 dnsresolver_service
Jeff Vander Stoep2d32d812017-10-13 13:33:46 -0700[diff] [blame]116 dumpstate_service
117 installd_service
paulhu70b0a772021-12-09 11:49:23 +0800[diff] [blame]118 mdns_service
Jeff Vander Stoep2d32d812017-10-13 13:33:46 -0700[diff] [blame]119 netd_service
120 virtual_touchpad_service
121 vold_service
Jeff Vander Stoep2d32d812017-10-13 13:33:46 -0700[diff] [blame]122}:service_manager find;
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]123
Adam Shih25437152020-12-07 16:30:29 +0800[diff] [blame]124# suppress denials caused by debugfs_tracing
125dontaudit system_app debugfs_tracing:file rw_file_perms;
126
ThiƩbaud Weksteenbdc72142023-11-23 10:40:07 +1100[diff] [blame]127# Ignore access to memory properties for Settings.
128dontaudit system_app proc_pagetypeinfo:file r_file_perms;
ThiƩbaud Weksteenbcc7cc12022-05-19 14:38:50 +1000[diff] [blame]129dontaudit system_app sysfs_zram:dir search;
130
Janis Danisevskisabb93f22020-07-27 12:53:20 -0700[diff] [blame]131allow system_app keystore:keystore2_key {
132 delete
133 get_info
134 grant
Janis Danisevskisabb93f22020-07-27 12:53:20 -0700[diff] [blame]135 rebind
136 update
137 use
138};
139
Janis Danisevskisdf31f202021-02-01 23:04:45 -0800[diff] [blame]140# Allow Settings to manage WI-FI keys.
141allow system_app wifi_key:keystore2_key {
142 delete
143 get_info
Janis Danisevskisdf31f202021-02-01 23:04:45 -0800[diff] [blame]144 rebind
145 update
146 use
147};
148
Tri Vo06d7dca2018-01-10 12:51:51 -0800[diff] [blame]149# settings app reads /proc/version
Jeff Vander Stoepc975bd92017-09-27 12:27:03 -0700[diff] [blame]150allow system_app {
Jeff Vander Stoepc975bd92017-09-27 12:27:03 -0700[diff] [blame]151 proc_version
152}:file r_file_perms;
Jeff Vander Stoepc15d54e2017-07-25 16:43:49 -0700[diff] [blame]153
Tri Vof55c9892018-10-10 22:48:15 +0000[diff] [blame]154# Settings app writes to /dev/stune/foreground/tasks.
155allow system_app cgroup:file w_file_perms;
Marco Ballesioaa4ce952021-02-11 15:18:11 -0800[diff] [blame]156allow system_app cgroup_v2:file w_file_perms;
Bart Van Asschebe3ff9b2022-01-31 21:33:29 +0000[diff] [blame]157allow system_app cgroup_v2:dir w_dir_perms;
Tri Vof55c9892018-10-10 22:48:15 +0000[diff] [blame]158
Alex Klyubinb5853c32017-01-05 17:18:32 -0800[diff] [blame]159control_logd(system_app)
Mark Salyzynd33a9a12016-11-07 15:11:39 -0800[diff] [blame]160read_runtime_log_tags(system_app)
Pavel Grafov118e4962018-01-18 17:22:28 +0000[diff] [blame]161get_prop(system_app, device_logging_prop)
Nick Kralevich45766d42017-04-26 11:40:48 -0700[diff] [blame]162
Nathan Haroldee268642017-12-14 18:20:30 -0800[diff] [blame]163# allow system apps to use UDP sockets provided by the system server but not
164# modify them other than to connect
Nathan Harold252b0152018-03-27 06:34:54 -0700[diff] [blame]165allow system_app system_server:udp_socket {
166 connect getattr read recvfrom sendto write getopt setopt };
Nathan Haroldee268642017-12-14 18:20:30 -0800[diff] [blame]167
Andy Yu43c7ab02023-12-07 16:59:30 -0800[diff] [blame]168# allow system apps to read game manager related sysrops
169get_prop(system_app, game_manager_config_prop)
170
Inseob Kimc80b0242020-07-16 22:25:47 +0900[diff] [blame]171# Settings app reads ro.oem_unlock_supported
172get_prop(system_app, oem_unlock_prop)
173
Avichal Rakesha12d3102023-01-23 23:46:42 -0800[diff] [blame]174# Settings app reads ro.usb.uvc.enabled
175get_prop(system_app, usb_uvc_enabled_prop)
176
Gabriel Biren22dd5d72024-03-06 00:52:57 +0000[diff] [blame]177# Settings app reads and writes the wifi blob database
178allow system_app connectivityblob_data_file:dir rw_dir_perms;
179allow system_app connectivityblob_data_file:file create_file_perms;
180
Nick Kralevich45766d42017-04-26 11:40:48 -0700[diff] [blame]181###
182### Neverallow rules
183###
184
185# app domains which access /dev/fuse should not run as system_app
186neverallow system_app fuse_device:chr_file *;
Nick Kralevich6e893ec2019-09-05 09:24:41 -0700[diff] [blame]187
188# Apps which run as UID=system should not rely on any attacker controlled
189# filesystem locations, such as /data/local/tmp. For /data/local/tmp, we
190# allow writes to files passed by file descriptor to support dumpstate and
191# bug reports, but not reads.
192neverallow system_app shell_data_file:dir { no_w_dir_perms open search read };
193neverallow system_app shell_data_file:file { open read ioctl lock };
Chris Pauload2f8832022-11-12 21:36:02 +0000[diff] [blame]194
195# system_app should be the only domain writing the adaptive haptics prop
196neverallow { domain -init -system_app } adaptive_haptics_prop:property_service set;
Kyle Zhangda5a09b2024-01-04 01:06:08 +0000[diff] [blame]197# system_app should be the only domain writing the force l3 prop
198neverallow { domain -init -system_app } drm_forcel3_prop:property_service set;