Exempt app_data_file_type from neverallow rules.
We need to be able to access app data files from core domains such as installd even for vendor apps. Those file types should not be core_data_file_type, so we explicitly exempt app_data_file_type as well as core_data_file_type from the relevant neverallows. To prevent misuse of the attribute, add a test to check it is not applied to anything in file_contexts. Exempt the existing violators in system policy for now.

Test: Builds
Test: Adding a type with just "file_type, data_file_type, app_data_file_type" works
Test: New test successfully catches violators.
Bug: 171795911
Change-Id: I07bf3ec3db615f8b7a33d8235da5e6d8e2508975
This commit is contained in:
parent
9f7d1ff0f1
commit
668e74f6f4
@ -34,7 +34,8 @@ expandattribute data_file_type false;
|
|||||||
attribute core_data_file_type;
|
attribute core_data_file_type;
|
||||||
expandattribute core_data_file_type false;
|
expandattribute core_data_file_type false;
|
||||||
|
|
||||||
# All types used for app private data files under /data/data.
|
# All types used for app private data files in seapp_contexts.
|
||||||
|
# Such types should not be applied to any other files.
|
||||||
attribute app_data_file_type;
|
attribute app_data_file_type;
|
||||||
expandattribute app_data_file_type false;
|
expandattribute app_data_file_type false;
|
||||||
|
|
||||||
|
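Review bot: The new comment on app_data_file_type states the labeling rule but not how it is enforced, and the same commit carves out types (shell_data_file, bluetooth_data_file, nfc_data_file, radio_data_file) that currently break the rule. Since this attribute is now exempted from several full_treble_only neverallows, a reader of the attribute declaration should be told that the restriction rests on a test rather than on the policy compiler: `# Enforced by TestAppDataTypeViolations in the sepolicy tests; existing violators are listed there.` Adding that sentence keeps the declaration and the test from drifting apart when someone next edits the exception list.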
@ -783,6 +783,7 @@ full_treble_only(`
|
|||||||
dev_type
|
dev_type
|
||||||
-coredomain_socket
|
-coredomain_socket
|
||||||
-core_data_file_type
|
-core_data_file_type
|
||||||
|
-app_data_file_type
|
||||||
-unlabeled
|
-unlabeled
|
||||||
}:sock_file ~{ append getattr ioctl read write };
|
}:sock_file ~{ append getattr ioctl read write };
|
||||||
')
|
')
|
||||||
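Review bot: The added `-app_data_file_type` exemption removes every type carrying that attribute from this neverallow, and the same exemption is added to the two file_class_set neverallows in the following hunks. Because the attribute can be attached by vendor policy, the neverallow no longer constrains those types at compile time; the only remaining guard is the new file_contexts test, which itself skips several existing types. An inline comment next to the exemption would make that dependency visible to the next person who touches these rules, e.g. `-app_data_file_type # app data files must remain reachable from core domains (installd); misuse is caught by TestAppDataTypeViolations`. The enclosing neverallow statement begins before this hunk, so the full subject and object sets are not visible here.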
@ -807,6 +808,7 @@ full_treble_only(`
|
|||||||
} {
|
} {
|
||||||
data_file_type
|
data_file_type
|
||||||
-core_data_file_type
|
-core_data_file_type
|
||||||
|
-app_data_file_type
|
||||||
}:file_class_set ~{ append getattr ioctl read write map };
|
}:file_class_set ~{ append getattr ioctl read write map };
|
||||||
')
|
')
|
||||||
full_treble_only(`
|
full_treble_only(`
|
||||||
@ -819,6 +821,7 @@ full_treble_only(`
|
|||||||
} {
|
} {
|
||||||
data_file_type
|
data_file_type
|
||||||
-core_data_file_type
|
-core_data_file_type
|
||||||
|
-app_data_file_type
|
||||||
# TODO(b/72998741) Remove exemption. Further restricted in a subsequent
|
# TODO(b/72998741) Remove exemption. Further restricted in a subsequent
|
||||||
# neverallow. Currently only getattr and search are allowed.
|
# neverallow. Currently only getattr and search are allowed.
|
||||||
-vendor_data_file
|
-vendor_data_file
|
||||||
|
@ -52,9 +52,9 @@ class Policy:
|
|||||||
__policydbP = None
|
__policydbP = None
|
||||||
__BUFSIZE = 2048
|
__BUFSIZE = 2048
|
||||||
|
|
||||||
def AssertPathTypesDoNotHaveAttr(self, MatchPrefix, DoNotMatchPrefix, Attr):
|
def AssertPathTypesDoNotHaveAttr(self, MatchPrefix, DoNotMatchPrefix, Attr, ExcludedTypes = []):
|
||||||
# Query policy for the types associated with Attr
|
# Query policy for the types associated with Attr
|
||||||
TypesPol = self.QueryTypeAttribute(Attr, True)
|
TypesPol = self.QueryTypeAttribute(Attr, True) - set(ExcludedTypes)
|
||||||
# Search file_contexts to find types associated with input paths.
|
# Search file_contexts to find types associated with input paths.
|
||||||
TypesFc, Files = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
|
TypesFc, Files = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
|
||||||
violators = TypesFc.intersection(TypesPol)
|
violators = TypesFc.intersection(TypesPol)
|
||||||
|
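Review bot: The new `ExcludedTypes = []` parameter on AssertPathTypesDoNotHaveAttr is a mutable default argument; it is only read here via `set(ExcludedTypes)`, so there is no sharing bug today, but the idiom invites one the moment a caller or a later edit mutates it. Prefer `ExcludedTypes=None` in the signature and `TypesPol = self.QueryTypeAttribute(Attr, True) - set(ExcludedTypes or ())` in the body. The method's existing comments should also mention the new parameter, e.g. `# ExcludedTypes: types carrying Attr that are deliberately not reported`. The rest of the method continues below the hunk.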
@ -61,6 +61,28 @@ def TestCoreDataTypeViolations(pol):
|
|||||||
def TestPropertyTypeViolations(pol):
|
def TestPropertyTypeViolations(pol):
|
||||||
return pol.AssertPropertyOwnersAreExclusive()
|
return pol.AssertPropertyOwnersAreExclusive()
|
||||||
|
|
||||||
|
def TestAppDataTypeViolations(pol):
|
||||||
|
# Types with the app_data_file_type should only be used for app data files
|
||||||
|
# (/data/data/package.name etc) via seapp_contexts, and never applied
|
||||||
|
# explicitly to other files.
|
||||||
|
partitions = [
|
||||||
|
"/data/",
|
||||||
|
"/vendor/",
|
||||||
|
"/odm/",
|
||||||
|
"/product/",
|
||||||
|
]
|
||||||
|
exceptions = [
|
||||||
|
# These are used for app data files for the corresponding user and
|
||||||
|
# assorted other files.
|
||||||
|
# TODO(b/172812577): Use different types for the different purposes
|
||||||
|
"shell_data_file",
|
||||||
|
"bluetooth_data_file",
|
||||||
|
"nfc_data_file",
|
||||||
|
"radio_data_file",
|
||||||
|
]
|
||||||
|
return pol.AssertPathTypesDoNotHaveAttr(partitions, [], "app_data_file_type",
|
||||||
|
exceptions)
|
||||||
|
|
||||||
|
|
||||||
###
|
###
|
||||||
# extend OptionParser to allow the same option flag to be used multiple times.
|
# extend OptionParser to allow the same option flag to be used multiple times.
|
||||||
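Review bot: TestAppDataTypeViolations only scans file_contexts entries under /data/, /vendor/, /odm/ and /product/, whereas the commit message says the attribute should not be applied to anything in file_contexts; a labeling of an app_data_file_type type under any other prefix (e.g. /system/ or /system_ext/) would pass this test. If __GetTypesAndFilesByFilePathPrefix is a plain prefix match, a single `"/"` entry would cover every path and make the check match its stated intent; otherwise the partition list should at least say why those four prefixes are sufficient. The leading comment would read better as a docstring, and the exceptions list should name the bug once per type or note that all four are tracked by b/172812577, so a future removal is not partial.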
@ -87,7 +109,8 @@ Tests = [
|
|||||||
"TestDebugfsTypeViolations",
|
"TestDebugfsTypeViolations",
|
||||||
"TestVendorTypeViolations",
|
"TestVendorTypeViolations",
|
||||||
"TestCoreDataTypeViolations",
|
"TestCoreDataTypeViolations",
|
||||||
"TestPropertyTypeViolations"
|
"TestPropertyTypeViolations",
|
||||||
|
"TestAppDataTypeViolations",
|
||||||
]
|
]
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
@ -143,6 +166,8 @@ if __name__ == '__main__':
|
|||||||
results += TestCoreDataTypeViolations(pol)
|
results += TestCoreDataTypeViolations(pol)
|
||||||
if options.test is None or "TestPropertyTypeViolations" in options.test:
|
if options.test is None or "TestPropertyTypeViolations" in options.test:
|
||||||
results += TestPropertyTypeViolations(pol)
|
results += TestPropertyTypeViolations(pol)
|
||||||
|
if options.test is None or "TestAppDataTypeViolations" in options.test:
|
||||||
|
results += TestAppDataTypeViolations(pol)
|
||||||
|
|
||||||
if len(results) > 0:
|
if len(results) > 0:
|
||||||
sys.exit(results)
|
sys.exit(results)
|
||||||
|
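Review bot: Registering the new test requires three parallel edits — the function, the entry in `Tests` in the previous hunk, and this `if options.test is None or "TestAppDataTypeViolations" in options.test:` branch — and nothing checks that the three stay in sync. Given that every branch here follows the same shape, a loop over `Tests` that looks up each function by name (`globals()[name](pol)`) would remove the per-test branch and make a missing registration impossible; this assumes every Test* function takes only `pol`, which holds for the calls visible in this hunk but should be confirmed for the ones above it. The `__main__` block starts outside the hunk.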