Merge "remove app_data_file execute"
This commit is contained in:
commit
42abd423cd
@ -47,7 +47,7 @@ neverallow { all_untrusted_apps -untrusted_app_25 } net_dns_prop:file read;
|
||||
neverallow all_untrusted_apps rs_data_file:file
|
||||
{ append create link relabelfrom relabelto rename setattr write };
|
||||
|
||||
# Block calling execve() on files in an apps home directory.
|
||||
# Block calling execve() in app /data/data files.
|
||||
# This is a W^X violation (loading executable code from a writable
|
||||
# home directory). For compatibility, allow for targetApi <= 28.
|
||||
# b/112357170
|
||||
@ -58,6 +58,17 @@ neverallow {
|
||||
-runas_app
|
||||
} { app_data_file privapp_data_file }:file execute_no_trans;
|
||||
|
||||
# Block calling dlopen() in app /data/data files.
|
||||
# This is a W^X violation (loading executable code from a writable
|
||||
# home directory). For compatibility, allow for targetApi <= 28.
|
||||
# b/112357170
|
||||
neverallow {
|
||||
all_untrusted_apps
|
||||
-untrusted_app_25
|
||||
-untrusted_app_27
|
||||
-runas_app
|
||||
} app_data_file:file execute;
|
||||
|
||||
# Do not allow untrusted apps to invoke dex2oat. This was historically required
|
||||
# by ART for compiling secondary dex files but has been removed in Q.
|
||||
# Exempt legacy apps (targetApi<=28) for compatibility.
|
||||
|
@ -22,7 +22,7 @@ allow ephemeral_app { sdcard_type media_rw_data_file }:file {read write getattr
|
||||
# Some apps ship with shared libraries and binaries that they write out
|
||||
# to their sandbox directory and then execute.
|
||||
allow ephemeral_app privapp_data_file:file { r_file_perms execute };
|
||||
allow ephemeral_app app_data_file:file { r_file_perms execute };
|
||||
allow ephemeral_app app_data_file:file r_file_perms;
|
||||
|
||||
# Allow the renderscript compiler to be run.
|
||||
domain_auto_trans(ephemeral_app, rs_exec, rs)
|
||||
|
@ -6,6 +6,7 @@ untrusted_app_domain(runas_app)
|
||||
net_domain(runas_app)
|
||||
bluetooth_domain(runas_app)
|
||||
|
||||
# The ability to call exec() on files in the apps home directories
|
||||
# when using run-as on a debuggable app. Needed by simpleperf.
|
||||
allow runas_app app_data_file:file execute_no_trans;
|
||||
# The ability to call exec() or dlopen() on app /data/data
|
||||
# files when using run-as on a debuggable app.
|
||||
# Needed by simpleperf.
|
||||
allow runas_app app_data_file:file { execute_no_trans execute };
|
||||
|
@ -45,10 +45,10 @@ allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
|
||||
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
|
||||
allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
|
||||
|
||||
# The ability to call exec() on files in the apps home directories
|
||||
# for targetApi<=25. This is also allowed for targetAPIs 26, 27,
|
||||
# and 28 in untrusted_app_27.te.
|
||||
allow untrusted_app_25 app_data_file:file execute_no_trans;
|
||||
# The ability to call exec() or dlopen() on files in the apps home
|
||||
# directories for targetApi<=25. This is also allowed for targetAPIs 26,
|
||||
# 27, and 28 in untrusted_app_27.te.
|
||||
allow untrusted_app_25 app_data_file:file { execute execute_no_trans };
|
||||
|
||||
# The ability to invoke dex2oat. Historically required by ART, now only
|
||||
# allowed for targetApi<=28 for compat reasons.
|
||||
|
@ -27,9 +27,9 @@ untrusted_app_domain(untrusted_app_27)
|
||||
net_domain(untrusted_app_27)
|
||||
bluetooth_domain(untrusted_app_27)
|
||||
|
||||
# The ability to call exec() on files in the apps home directories
|
||||
# for targetApi 26, 27, and 28.
|
||||
allow untrusted_app_27 app_data_file:file execute_no_trans;
|
||||
# The ability to call exec() or dlopen() on files in the apps home
|
||||
# directories for targetApi 26, 27, and 28.
|
||||
allow untrusted_app_27 app_data_file:file { execute execute_no_trans };
|
||||
|
||||
# The ability to invoke dex2oat. Historically required by ART, now only
|
||||
# allowed for targetApi<=28 for compat reasons.
|
||||
|
@ -23,7 +23,7 @@
|
||||
# Some apps ship with shared libraries and binaries that they write out
|
||||
# to their sandbox directory and then execute.
|
||||
allow untrusted_app_all privapp_data_file:file { r_file_perms execute };
|
||||
allow untrusted_app_all app_data_file:file { r_file_perms execute };
|
||||
allow untrusted_app_all app_data_file:file r_file_perms;
|
||||
|
||||
# Allow loading and deleting renderscript created shared libraries
|
||||
# within an application home directory.
|
||||
|
Loading…
Reference in New Issue
Block a user