Don't require seinfo for priv-apps

Relax the requirement to have both seinfo and name specified for
privapps. The original reason for requiring both was because, normally,
a package can only be uniquely specified by both name and signature,
otherwise package squatting could occur. However, privapps are
pre-installed, so the concerns about the potential for package squatting
are eliminated. This change will drastically simplify sepolicy
configuration for priv-apps.

Bug: 142672293
Test: Flashed a device with this build and verified
com.google.android.permissioncontroller still runs in the
permissioncontroller_app domain.
Change-Id: I5bb2bf84b9db616c4492bd1402550821c70fdd07
Ashwini Oruganti 2019-10-31 15:45:00 -07:00
parent 69e3af2d70
commit 04f771dee4
3 changed files with 5 additions and 13 deletions


@ -17,9 +17,6 @@ ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/media.x509.pem
[@NETWORK_STACK]
ALL : $MAINLINE_SEPOLICY_DEV_CERTIFICATES/networkstack.x509.pem
[@PERMISSION_CONTROLLER]
ALL: $DEFAULT_SYSTEM_DEV_CERTIFICATE/com_google_android_permissioncontroller-container.x509.pem
[@SHARED]
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/shared.x509.pem


@ -59,10 +59,4 @@
<signer signature="@NETWORK_STACK" >
<seinfo value="network_stack" />
</signer>
<signer signature="@PERMISSION_CONTROLLER" >
<package name="com.google.android.permissioncontroller">
<seinfo value="permission_controller" />
</package>
</signer>
</policy>


@ -113,9 +113,10 @@ neverallow isSystemServer="" domain=system_server
neverallow user=((?!system).)* domain=system_app
neverallow user=((?!system).)* type=system_app_data_file
# anything with a non-known uid with a specified name should have a specified seinfo
neverallow user=_app name=.* seinfo=""
neverallow user=_app name=.* seinfo=default
# any non priv-app with a non-known uid with a specified name should have a specified
# seinfo
neverallow user=_app isPrivApp=false name=.* seinfo=""
neverallow user=_app isPrivApp=false name=.* seinfo=default
# neverallow shared relro to any other domain
# and neverallow any other uid into shared_relro
@ -156,7 +157,7 @@ user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_
user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
user=_app seinfo=permission_controller isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
user=_app minTargetSdkVersion=29 domain=untrusted_app type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
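Review bot: The new `user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app ...` entry in the second hunk now selects the permissioncontroller_app domain on package name plus priv-app status alone, and nothing in the file records why dropping the seinfo match is acceptable here; a comment above it, `# priv-apps are pre-installed, so isPrivApp=true plus name is sufficient; no seinfo/signature match is required`, would keep the commit-message rationale next to the rule that depends on it. That entry is only legal because of the relaxed rule in the first hunk (`neverallow user=_app isPrivApp=false name=.* seinfo=""` / `seinfo=default`), so the comment should cross-reference that the priv-app exemption is deliberate rather than an oversight. The remaining protection against a same-named package taking this domain is presumably that isPrivApp=true cannot be reached by a non-preinstalled package (and that updates to a priv-app are signature-checked by the package manager), which is enforced outside this file; stating that assumption in the comment would help the next reviewer who sees a name-only match. As a point of style, the rewritten comment in the first hunk breaks mid-sentence into a dangling `# seinfo` line; folding it into one line, `# any non priv-app with a non-known uid and a specified name must have a specified seinfo`, reads cleaner.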