diff --git a/public/attributes b/public/attributes
index 754dd9e02..4f477f468 100644
--- a/public/attributes
+++ b/public/attributes
@@ -34,7 +34,8 @@ expandattribute data_file_type false;
 attribute core_data_file_type;
 expandattribute core_data_file_type false;
-# All types used for app private data files under /data/data.
+# All types used for app private data files in seapp_contexts.
+# Such types should not be applied to any other files.
 attribute app_data_file_type;
 expandattribute app_data_file_type false;
diff --git a/public/domain.te b/public/domain.te
index 4e7347b77..a36b7cb01 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -783,6 +783,7 @@ full_treble_only(`
 dev_type
 -coredomain_socket
 -core_data_file_type
+ -app_data_file_type
 -unlabeled
 }:sock_file ~{ append getattr ioctl read write };
 ')
@@ -807,6 +808,7 @@ full_treble_only(`
 } {
 data_file_type
 -core_data_file_type
+ -app_data_file_type
 }:file_class_set ~{ append getattr ioctl read write map };
 ')
 full_treble_only(`
@@ -819,6 +821,7 @@ full_treble_only(`
 } {
 data_file_type
 -core_data_file_type
+ -app_data_file_type
 # TODO(b/72998741) Remove exemption. Further restricted in a subsequent
 # neverallow. Currently only getattr and search are allowed.
 -vendor_data_file
diff --git a/tests/policy.py b/tests/policy.py
index d0ef6c456..40229b8b2 100644
--- a/tests/policy.py
+++ b/tests/policy.py
@@ -52,9 +52,9 @@ class Policy:
 __policydbP = None
 __BUFSIZE = 2048
- def AssertPathTypesDoNotHaveAttr(self, MatchPrefix, DoNotMatchPrefix, Attr):
+ def AssertPathTypesDoNotHaveAttr(self, MatchPrefix, DoNotMatchPrefix, Attr, ExcludedTypes = []):
 # Query policy for the types associated with Attr
- TypesPol = self.QueryTypeAttribute(Attr, True)
+ TypesPol = self.QueryTypeAttribute(Attr, True) - set(ExcludedTypes)
 # Search file_contexts to find types associated with input paths.
 TypesFc, Files = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
 violators = TypesFc.intersection(TypesPol)
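Review bot: The three `-app_data_file_type` exemptions in public/domain.te (the hunk at 783 and the two that follow) carry no comment saying why app data types are removed from these neverallow target sets, unlike the `-vendor_data_file` line in the last hunk, which has a TODO. The source-domain side of each rule lies outside the hunks, so the effect cannot be confirmed from here. If the intent is that these types are labelled only through seapp_contexts, a line such as `# app_data_file_type is assigned via seapp_contexts; see tests/sepolicy_tests.py` above each exemption would record it. It is also worth confirming that the types the new test exempts (`shell_data_file` and the other three), which the test's own comment says are applied to other files as well, are still covered by some other neverallow.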
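Review bot: The subtraction `- set(ExcludedTypes)` in AssertPathTypesDoNotHaveAttr silently accepts a name that is not in the attribute at all, so a misspelt or stale exemption would never be noticed and the exception list can only grow. A check that every excluded type is present in `QueryTypeAttribute(Attr, True)`, reported as a test failure when it is not, would keep the list honest. Separately, `ExcludedTypes = []` is a mutable default; it is only read here, so nothing breaks today, but `ExcludedTypes=None` with `set(ExcludedTypes or ())` is the safer idiom. The method has no docstring, and one line stating that ExcludedTypes are removed from the attribute's type set for every matched path would help; the function body continues past the hunk.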
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index 01dda047f..5597f14d7 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -61,6 +61,28 @@ def TestCoreDataTypeViolations(pol):
 def TestPropertyTypeViolations(pol):
 return pol.AssertPropertyOwnersAreExclusive()
+def TestAppDataTypeViolations(pol):
+ # Types with the app_data_file_type should only be used for app data files
+ # (/data/data/package.name etc) via seapp_contexts, and never applied
+ # explicitly to other files.
+ partitions = [
+ "/data/",
+ "/vendor/",
+ "/odm/",
+ "/product/",
+ ]
+ exceptions = [
+ # These are used for app data files for the corresponding user and
+ # assorted other files.
+ # TODO(b/172812577): Use different types for the different purposes
+ "shell_data_file",
+ "bluetooth_data_file",
+ "nfc_data_file",
+ "radio_data_file",
+ ]
+ return pol.AssertPathTypesDoNotHaveAttr(partitions, [], "app_data_file_type",
+ exceptions)
+
 ###
 # extend OptionParser to allow the same option flag to be used multiple times.
@@ -87,7 +109,8 @@ Tests = [
 "TestDebugfsTypeViolations",
 "TestVendorTypeViolations",
 "TestCoreDataTypeViolations",
- "TestPropertyTypeViolations"
+ "TestPropertyTypeViolations",
+ "TestAppDataTypeViolations",
 ]
 if __name__ == '__main__':
@@ -143,6 +166,8 @@ if __name__ == '__main__':
 results += TestCoreDataTypeViolations(pol)
 if options.test is None or "TestPropertyTypeViolations" in options.test:
 results += TestPropertyTypeViolations(pol)
+ if options.test is None or "TestAppDataTypeViolations" in options.test:
+ results += TestAppDataTypeViolations(pol)
 if len(results) > 0:
 sys.exit(results)
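Review bot: The `partitions` list in TestAppDataTypeViolations covers only `/data/`, `/vendor/`, `/odm/` and `/product/`, while the comment above it says these types are never applied explicitly to other files, so a file_contexts entry under any other prefix is not checked by this test. If the narrower scope is deliberate, the comment should say which prefixes are out of scope and why; otherwise the list should be extended to the remaining labelled prefixes. The four `exceptions` are also removed for every path rather than for the paths where they are legitimately used, so for example `shell_data_file` on a `/vendor/` path would pass. A note next to the TODO that the exemption is path-independent would make that gap visible until the types are split.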