PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "remove app_data_file execute"

Browse Source
This commit is contained in:
Treehugger Robot 2018-12-13 01:21:28 +00:00 committed by Gerrit Code Review
commit 42abd423cd
6 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
private/app_neverallows.te
View File

@ -47,7 +47,7 @@ neverallow { all_untrusted_apps -untrusted_app_25 } net_dns_prop:file read;
neverallow all_untrusted_apps rs_data_file:file
{ append create link relabelfrom relabelto rename setattr write };
# Block calling execve() on files in an apps home directory.
# Block calling execve() in app /data/data files.
# This is a W^X violation (loading executable code from a writable
# home directory). For compatibility, allow for targetApi <= 28.
# b/112357170
@ -58,6 +58,17 @@ neverallow {
-runas_app
} { app_data_file privapp_data_file }:file execute_no_trans;
# Block calling dlopen() in app /data/data files.
# This is a W^X violation (loading executable code from a writable
# home directory). For compatibility, allow for targetApi <= 28.
# b/112357170
neverallow {
all_untrusted_apps
-untrusted_app_25
-untrusted_app_27
-runas_app
} app_data_file:file execute;
# Do not allow untrusted apps to invoke dex2oat. This was historically required
# by ART for compiling secondary dex files but has been removed in Q.
# Exempt legacy apps (targetApi<=28) for compatibility.

2
private/ephemeral_app.te
View File

@ -22,7 +22,7 @@ allow ephemeral_app { sdcard_type media_rw_data_file }:file {read write getattr
# Some apps ship with shared libraries and binaries that they write out
# to their sandbox directory and then execute.
allow ephemeral_app privapp_data_file:file { r_file_perms execute };
allow ephemeral_app app_data_file:file { r_file_perms execute };
allow ephemeral_app app_data_file:file r_file_perms;
# Allow the renderscript compiler to be run.
domain_auto_trans(ephemeral_app, rs_exec, rs)

7
private/runas_app.te
View File

@ -6,6 +6,7 @@ untrusted_app_domain(runas_app)
net_domain(runas_app)
bluetooth_domain(runas_app)
# The ability to call exec() on files in the apps home directories
# when using run-as on a debuggable app. Needed by simpleperf.
allow runas_app app_data_file:file execute_no_trans;
# The ability to call exec() or dlopen() on app /data/data
# files when using run-as on a debuggable app.
# Needed by simpleperf.
allow runas_app app_data_file:file { execute_no_trans execute };

8
private/untrusted_app_25.te
View File

@ -45,10 +45,10 @@ allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
# The ability to call exec() on files in the apps home directories
# for targetApi<=25. This is also allowed for targetAPIs 26, 27,
# and 28 in untrusted_app_27.te.
allow untrusted_app_25 app_data_file:file execute_no_trans;
# The ability to call exec() or dlopen() on files in the apps home
# directories for targetApi<=25. This is also allowed for targetAPIs 26,
# 27, and 28 in untrusted_app_27.te.
allow untrusted_app_25 app_data_file:file { execute execute_no_trans };
# The ability to invoke dex2oat. Historically required by ART, now only
# allowed for targetApi<=28 for compat reasons.

6
private/untrusted_app_27.te
View File

@ -27,9 +27,9 @@ untrusted_app_domain(untrusted_app_27)
net_domain(untrusted_app_27)
bluetooth_domain(untrusted_app_27)
# The ability to call exec() on files in the apps home directories
# for targetApi 26, 27, and 28.
allow untrusted_app_27 app_data_file:file execute_no_trans;
# The ability to call exec() or dlopen() on files in the apps home
# directories for targetApi 26, 27, and 28.
allow untrusted_app_27 app_data_file:file { execute execute_no_trans };
# The ability to invoke dex2oat. Historically required by ART, now only
# allowed for targetApi<=28 for compat reasons.

2
private/untrusted_app_all.te
View File

@ -23,7 +23,7 @@
# Some apps ship with shared libraries and binaries that they write out
# to their sandbox directory and then execute.
allow untrusted_app_all privapp_data_file:file { r_file_perms execute };
allow untrusted_app_all app_data_file:file { r_file_perms execute };
allow untrusted_app_all app_data_file:file r_file_perms;
# Allow loading and deleting renderscript created shared libraries
# within an application home directory.