Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / f54b3622c70d9c0fbdd6cdf2eff89ec5dd5d7f16 / . / private / untrusted_app.te
blob: 50d79ee8b32d0c911c3c8b277b6b71237c07159a [file] [log] [blame]
Alex Klyubinfce60d32017-01-05 12:27:10 -0800[diff] [blame]1###
2### Untrusted apps.
3###
4### This file defines the rules for untrusted apps.
5### Apps are labeled based on mac_permissions.xml (maps signer and
6### optionally package name to seinfo value) and seapp_contexts (maps UID
7### and optionally seinfo value to domain for process and type for data
8### directory). The untrusted_app domain is the default assignment in
9### seapp_contexts for any app with UID between APP_AID (10000)
10### and AID_ISOLATED_START (99000) if the app has no specific seinfo
11### value as determined from mac_permissions.xml. In current AOSP, this
12### domain is assigned to all non-system apps as well as to any system apps
13### that are not signed by the platform key. To move
14### a system app into a specific domain, add a signer entry for it to
15### mac_permissions.xml and assign it one of the pre-existing seinfo values
16### or define and use a new seinfo value in both mac_permissions.xml and
17### seapp_contexts.
18###
19
dcashman3e8dbf02016-12-08 11:23:34 -0800[diff] [blame]20app_domain(untrusted_app)
Alex Klyubinfce60d32017-01-05 12:27:10 -0800[diff] [blame]21net_domain(untrusted_app)
22bluetooth_domain(untrusted_app)
dcashman2e00e632016-10-12 14:58:09 -0700[diff] [blame]23
Nick Kralevich4e404292017-02-09 16:08:11 -0800[diff] [blame]24# b/34115651 - net.dns* properties read
25# This will go away in a future Android release
26get_prop(untrusted_app, net_dns_prop)
27
dcashman2e00e632016-10-12 14:58:09 -0700[diff] [blame]28# Allow the allocation and use of ptys
29# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
30create_pty(untrusted_app)
Alex Klyubinfce60d32017-01-05 12:27:10 -0800[diff] [blame]31
32# Legacy text relocations
33allow untrusted_app apk_data_file:file execmod;
34
35# Some apps ship with shared libraries and binaries that they write out
36# to their sandbox directory and then execute.
37allow untrusted_app app_data_file:file { rx_file_perms execmod };
38
39# ASEC
40allow untrusted_app asec_apk_file:file r_file_perms;
41allow untrusted_app asec_apk_file:dir r_dir_perms;
42# Execute libs in asec containers.
43allow untrusted_app asec_public_file:file { execute execmod };
44
45# Used by Finsky / Android "Verify Apps" functionality when
46# running "adb install foo.apk".
47# TODO: Long term, we don't want apps probing into shell data files.
48# Figure out a way to remove these rules.
49allow untrusted_app shell_data_file:file r_file_perms;
50allow untrusted_app shell_data_file:dir r_dir_perms;
51
52# Read and write system app data files passed over Binder.
53# Motivating case was /data/data/com.android.settings/cache/*.jpg for
54# cropping or taking user photos.
55allow untrusted_app system_app_data_file:file { read write getattr };
56
57#
58# Rules migrated from old app domains coalesced into untrusted_app.
59# This includes what used to be media_app, shared_app, and release_app.
60#
61
62# Access to /data/media.
63allow untrusted_app media_rw_data_file:dir create_dir_perms;
64allow untrusted_app media_rw_data_file:file create_file_perms;
65
66# Traverse into /mnt/media_rw for bypassing FUSE daemon
67# TODO: narrow this to just MediaProvider
68allow untrusted_app mnt_media_rw_file:dir search;
69
70# allow cts to query all services
71allow untrusted_app servicemanager:service_manager list;
72
73allow untrusted_app audioserver_service:service_manager find;
74allow untrusted_app cameraserver_service:service_manager find;
75allow untrusted_app drmserver_service:service_manager find;
76allow untrusted_app mediaserver_service:service_manager find;
77allow untrusted_app mediaextractor_service:service_manager find;
78allow untrusted_app mediacodec_service:service_manager find;
Ray Essick39185402017-01-24 12:53:45 -0800[diff] [blame]79allow untrusted_app mediametrics_service:service_manager find;
Alex Klyubinfce60d32017-01-05 12:27:10 -0800[diff] [blame]80allow untrusted_app mediadrmserver_service:service_manager find;
81allow untrusted_app nfc_service:service_manager find;
82allow untrusted_app radio_service:service_manager find;
83allow untrusted_app surfaceflinger_service:service_manager find;
84allow untrusted_app app_api_service:service_manager find;
Craig Donner9051eaf2017-02-07 15:49:48 -0800[diff] [blame]85allow untrusted_app vr_manager_service:service_manager find;
Alex Klyubinfce60d32017-01-05 12:27:10 -0800[diff] [blame]86
87# Allow GMS core to access perfprofd output, which is stored
88# in /data/misc/perfprofd/. GMS core will need to list all
89# data stored in that directory to process them one by one.
90userdebug_or_eng(`
91 allow untrusted_app perfprofd_data_file:file r_file_perms;
92 allow untrusted_app perfprofd_data_file:dir r_dir_perms;
93')
94
95# gdbserver for ndk-gdb ptrace attaches to app process.
96allow untrusted_app self:process ptrace;
97
98# Cts: HwRngTest
99allow untrusted_app sysfs_hwrandom:dir search;
100allow untrusted_app sysfs_hwrandom:file r_file_perms;
101
102# Allow apps to view preloaded content
103allow untrusted_app preloads_data_file:dir r_dir_perms;
104allow untrusted_app preloads_data_file:file r_file_perms;
105
106# Access to /proc/tty/drivers, to allow apps to determine if they
107# are running in an emulated environment.
108# b/33214085 b/33814662 b/33791054 b/33211769
109# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
110allow untrusted_app proc_tty_drivers:file r_file_perms;