ensure that untrusted_app can't set properties

Bug: 10243159 Change-Id: I9409fe8898c446a33515f1bee2990f36a2e11535
2014-07-09 18:58:04 -07:00 · 2014-07-09 18:58:04 -07:00 · 99d86c7a77
commit 99d86c7a77
parent 5d60f04e5d
1 changed files with 6 additions and 0 deletions
--- a/untrusted_app.te
+++ b/untrusted_app.te
@ -76,3 +76,9 @@ neverallow untrusted_app debugfs:file read;
 # Only trusted components of Android should be registering
 # services.
 neverallow untrusted_app service_manager_type:service_manager add;
+
+# Don't allow untrusted_apps to connect to the property service
+# or set properties. b/10243159
+neverallow untrusted_app property_socket:sock_file write;
+neverallow untrusted_app init:unix_stream_socket connectto;
+neverallow untrusted_app property_type:property_service set;