Validate no-cross-domain /proc/PID access
Android uses hidepid=2 to restrict visibility to other /proc entries on the system. This helps preserve user, application, and system confidentiality by preventing unauthorized access to application metadata, and addresses attacks such as http://www.cs.ucr.edu/~zhiyunq/pub/sec14_android_activity_inference.pdf

Ensure the SELinux (weaker) equivalent is being enforced by adding neverallow compile time assertions.

TODO: The "shell" user runs as both an Android application, as well as spawned via adb shell. This was a mistake. We should separate out the "shell" Android app into its own SELinux domain. For now, exclude the shell from this assertion. (The shell Android app is covered by hidepid=2, so there's no leaking of data, but still, it's over privileged today and should be cleaned up.)

Bug: 23310674
Test: policy compiles. Compile time assertion only.
Change-Id: I0e1a6506b2719aabf7eb8127f046c4ada947ba90
This commit is contained in:
parent 4b547a1516
commit 7a46380969
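To make concrete what a neverallow compile time assertion actually checks, here is a small checker written for this page; it is an added example, not code from this commit or from the Android sepolicy build (which does this inside checkpolicy over the whole policy). The attribute memberships in ATTRIBUTES and the permission macro sets in PERM_SETS are constructed, reduced stand-ins for the real ones, and the helper names (expand, parse_rule, find_violations) are this example's own. It expands attributes and the `-` exclusions the same way the policy language does, then flags any allow rule whose source, target, class and permissions all intersect one of the two neverallow rules added to app.te.

```python
import re
from dataclasses import dataclass

# Constructed, simplified type universe: which concrete domains each attribute
# expands to. A real Android policy has hundreds of domains; these few are enough
# to show how the exclusions in the neverallow rules behave.
ATTRIBUTES = {
    "domain": {"untrusted_app", "platform_app", "shell", "system_server", "init", "zygote"},
    "appdomain": {"untrusted_app", "platform_app", "shell"},
}

# Constructed subsets of the permission macros (the real global_macros sets are larger).
PERM_SETS = {
    "no_w_file_perms": {"append", "create", "link", "unlink", "rename", "setattr", "write"},
}
PERM_SETS["no_rw_file_perms"] = PERM_SETS["no_w_file_perms"] | {"open", "read", "getattr", "ioctl", "lock"}


def expand(spec, table):
    """Expand 'name' or '{ a b -c }' into a concrete set.

    Names found in `table` (attributes or permission macros) are replaced by their
    members; a leading '-' subtracts, exactly as in the policy language.
    """
    include, exclude = set(), set()
    for tok in spec.strip("{} ").split():
        negate = tok.startswith("-")
        name = tok.lstrip("-")
        members = table.get(name, {name})
        (exclude if negate else include).update(members)
    return include - exclude


@dataclass(frozen=True)
class Rule:
    text: str         # the rule as written
    kind: str         # "allow" or "neverallow"
    src: frozenset    # concrete source domains
    tgt: frozenset    # concrete target types
    cls: str          # object class, e.g. "file"
    perms: frozenset  # concrete permissions


_RULE_RE = re.compile(
    r"^\s*(allow|neverallow)\s+(\{[^}]*\}|\S+)\s+(\{[^}]*\}|\S+):(\w+)\s+(\{[^}]*\}|\S+)\s*;\s*$"
)


def parse_rule(line):
    """Parse one rule of the form 'kind src tgt:cls perms;' into expanded sets."""
    m = _RULE_RE.match(line)
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    kind, src, tgt, cls, perms = m.groups()
    return Rule(line, kind,
                frozenset(expand(src, ATTRIBUTES)),
                frozenset(expand(tgt, ATTRIBUTES)),
                cls,
                frozenset(expand(perms, PERM_SETS)))


def find_violations(neverallow_lines, allow_lines):
    """Report every allow rule that intersects a neverallow on source, target,
    class and permissions; any such intersection fails the policy build."""
    nevers = [parse_rule(line) for line in neverallow_lines]
    hits = []
    for allow in (parse_rule(line) for line in allow_lines):
        for never in nevers:
            if allow.cls != never.cls:
                continue
            overlap = allow.perms & never.perms
            if (allow.src & never.src) and (allow.tgt & never.tgt) and overlap:
                hits.append({"allow": allow.text, "neverallow": never.text,
                             "perms": sorted(overlap)})
    return hits


# The two assertions this change adds to app.te, and constructed allow rules of
# the kind a later policy edit might try to introduce.
NEVERALLOWS = [
    "neverallow appdomain { domain -appdomain }:file no_w_file_perms;",
    "neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms;",
]
CANDIDATE_ALLOWS = [
    "allow untrusted_app system_server:file read;",  # rejected: app reads a non-app /proc/PID entry
    "allow shell system_server:file read;",          # accepted: shell is exempt from the read assertion
    "allow shell system_server:file write;",         # rejected: the write assertion has no shell exemption
    "allow untrusted_app platform_app:file read;",   # accepted by these two rules: target is an app domain
]

if __name__ == "__main__":
    for hit in find_violations(NEVERALLOWS, CANDIDATE_ALLOWS):
        print(f"{hit['allow']}\n  violates {hit['neverallow']}\n  on {hit['perms']}")
```

Running it flags exactly the first and third candidate rules. The fourth is not caught by the app.te rules because their target set is `{ domain -appdomain }`; app-to-app access is what the per-domain rules in the macro hunk below are for.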
@ -367,8 +367,10 @@ neverallow appdomain zygote_socket:sock_file write;
# ptrace access to non-app domains.
neverallow appdomain { domain -appdomain }:process ptrace;
# Write access to /proc/pid entries for any non-app domain.
neverallow appdomain { domain -appdomain }:file write;
# Read or write access to /proc/pid entries for any non-app domain.
# A different form of hidepid=2 like protections
neverallow appdomain { domain -appdomain }:file no_w_file_perms;
neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms;
# signal access to non-app domains.
# sigchld allowed for parent death notification.
||||
@ -172,6 +172,8 @@ typeattribute $1 appdomain;
tmpfs_domain($1)
# Map with PROT_EXEC.
allow $1 $1_tmpfs:file execute;
neverallow { $1 -shell } { domain -$1 }:file no_rw_file_perms;
neverallow { appdomain -shell -$1 } $1:file no_rw_file_perms;
')
#####################################
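Review bot: the two neverallow lines added after `allow $1 $1_tmpfs:file execute;` carry no comment, unlike the matching rules in app.te; add one saying they assert no cross-domain /proc/PID access between app domains (`neverallow { $1 -shell } { domain -$1 }:file no_rw_file_perms;` stops $1 reading any other domain's entries, `neverallow { appdomain -shell -$1 } $1:file no_rw_file_perms;` stops every other app domain reading $1's), and why shell is subtracted from both sources. Since these are the rules that cover app-to-app access, the `-shell` exclusion here is what lets the shell app domain read every other app's /proc/PID entries; a one-line note next to the TODO that this is accepted until shell gets its own domain would keep that decision from being lost.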