# SELinux rules for the rs (renderscript) domain.
#
# Overall shape, as established by the rules below: rs gets read-only access to app data,
# may create files only under its own app_exec_data_file label, holds no capabilities,
# and is fenced in by the neverallow assertions at the end of the file.

# Any files which would have been created as app_data_file and
# privapp_data_file will be created as app_exec_data_file instead.
# The two type_transition rules do the relabeling; the allow rules grant the directory-side
# permissions (ra_dir_perms) and the file-side permissions (create_file_perms) needed to
# create those files. Write/create access is granted on app_exec_data_file only, never on
# the app's own data files.
allow rs { app_data_file privapp_data_file }:dir ra_dir_perms;
allow rs app_exec_data_file:file create_file_perms;
type_transition rs app_data_file:file app_exec_data_file;
type_transition rs privapp_data_file:file app_exec_data_file;

# Follow /data/user/0 symlink
# Only `read` on lnk_file is granted: rs can resolve the link, not create or replace it.
allow rs system_data_file:lnk_file read;

# Read files from the app home directory.
# Read-only by design; the neverallow on app_data_file_type below asserts that no rule
# may widen this beyond r_file_perms.
allow rs { app_data_file privapp_data_file }:file r_file_perms;
allow rs { app_data_file privapp_data_file }:dir r_dir_perms;

# Clean up app_exec_data_file files in the app home directory.
# remove_name is the directory-side permission for deleting an entry.
# NOTE(review): the file-side permission presumably comes from create_file_perms on
# app_exec_data_file above - confirm against the macro definition.
allow rs { app_data_file privapp_data_file }:dir remove_name;

# Use vendor resources
allow rs vendor_file:dir r_dir_perms;
r_dir_file(rs, vendor_overlay_file)
r_dir_file(rs, vendor_app_file)
# Vendor overlay can be found in vendor apex
# Limited to getattr/search on the directory: enough to traverse it, not to list or read it.
allow rs vendor_apex_metadata_file:dir { getattr search };

# Read contents of app apks
r_dir_file(rs, apk_data_file)

# Device nodes and same-process HAL files.
# gpu_device is read-write, ion_device is read-only. same_process_hal_file is the only type
# in this file on which rs is granted `execute`.
# NOTE(review): presumably these are the vendor graphics libraries loaded into the rs
# process - confirm against the same_process_hal_file labeling.
allow rs gpu_device:chr_file rw_file_perms;
allow rs ion_device:chr_file r_file_perms;
allow rs same_process_hal_file:file { r_file_perms execute };

# File descriptors passed from app to renderscript
# `fd use` only lets rs hold a descriptor opened by these domains; access to the object
# behind the descriptor is still checked against the rules for rs.
allow rs { untrusted_app_all ephemeral_app priv_app }:fd use;

# See b/291211299. Since rs is deprecated, this shouldn't be too dangerous, since new
# renderscript usages shouldn't be popping up.
# dontaudit grants nothing: use of descriptors from these three domains is still denied,
# but the denial is no longer logged. Anything that relies on avc denial records will not
# see these events, so keep the source list as narrow as it is here.
dontaudit rs { zygote surfaceflinger hal_graphics_allocator }:fd use;

# rs can access app data, so ensure it can only be entered via an app domain and cannot have
# CAP_DAC_OVERRIDE.
# The neverallow rules below are assertions about the policy: they add no access, they
# forbid any allow rule that would contradict them.
# No capabilities of any kind for rs (this covers CAP_DAC_OVERRIDE).
neverallow rs rs:capability_class_set *;
# Only app domains may transition into rs.
neverallow { domain -appdomain } rs:process { dyntransition transition };
# rs may not transition to any other domain, crash_dump excepted.
neverallow rs { domain -crash_dump }:process { dyntransition transition };
# Nothing beyond read access on any object class labeled with an app_data_file_type type.
# NOTE(review): app_exec_data_file, which rs may create, is presumably outside this
# attribute - confirm in the type declarations.
neverallow rs app_data_file_type:file_class_set ~r_file_perms;
# rs should never use network sockets
neverallow rs *:network_socket_class_set *;