Remove levelFrom=none from vendor apps.

(This is the same as https://r.android.com/1458479, for
crosshatch-sepolicy, but with minor modifications due to different
base policy. I've checked again that these changes should be safe with
the local sepolicy and updated the explanation below.)

Set levelFrom=user or levelFrom=all explicitly on the apps that were
implicitly using levelFrom=none before. This provides better isolation
for app data files and unblocks future policy changes.

These changes should be safe even if the apps create files with
their new level:

- ssr_detector_app has write access to system_app_data_file and
  cgroup, but they are mlstrustedobject.

- data_service_app has write access to radio_data_file, but it is
  mlstrustedobject.

- ril_config_service_app has write access to radio_vendor_data_file,
  but it is mlstrustedobject.

- timeservice_app connects to time_daemon:unix_stream_socket, which we
  make mlstrustedsubject.

Test: presubmits
Bug: 170622707
Change-Id: I983b79da1c1eca0906f442d9447df0db2cb494d7
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index f3c98c7..48c9b4f 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -1,4 +1,4 @@
-user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file
+user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user
 user=_app seinfo=platform name=com.android.pixellogger domain=logger_app type=app_data_file levelFrom=all
 user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
 
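Review bot: the new levelFrom=user on the SSRestartDetector entry differs from levelFrom=all on the logger_app and ramdump_app entries directly below it, and nothing in the file says why this domain gets per-user rather than per-user-and-app categories. The file already carries short explanatory comments for other domains (for example `#Needed for time service apk`), so suggest adding a one-line comment above this entry stating the reason for the weaker level, so the next person touching the file does not "fix" it to levelFrom=all.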
@@ -6,7 +6,7 @@
 
 #Add new domain for DataServices
 # Domain for CNEService , uceShimService and other connectivity services
-user=radio seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file
+user=radio seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file levelFrom=user
 
 # The default domain for tango_core process
 user=_app seinfo=tango name=com.google.tango domain=tango_core type=app_data_file levelFrom=user
@@ -22,7 +22,7 @@
 user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=user
 
 #Needed for time service apk
-user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file
+user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all
 
 # Domain for easelservice app
 user=_app seinfo=easel name=com.google.android.imaging.easel.service domain=easelservice_app type=app_data_file levelFrom=user
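Review bot: levelFrom=all on the timeservice_app entry is only safe together with the time_daemon.te hunk in this same change, since the commit message says the app's connect to time_daemon:unix_stream_socket now depends on time_daemon being mlstrustedsubject. Suggest extending the existing `#Needed for time service apk` comment with a note that the level relies on that attribute on time_daemon, so the two pieces are not later separated (for example by a partial cherry-pick) without anyone noticing.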
@@ -35,4 +35,4 @@
 
 user=_app seinfo=platform name=com.qualcomm.qti.services.secureui* domain=secure_ui_service_app levelFrom=all
 
-user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file
+user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file levelFrom=all
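Review bot: this change gives the two radio-UID entries different levels: `dataservice_app` gets levelFrom=user earlier in the file while `ril_config_service_app` here gets levelFrom=all. Both run as user=radio, so the commit message should state why the app-id category is wanted for one and not the other; if there is no specific reason, using the same value for both would make the file easier to audit.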
diff --git a/vendor/qcom/common/time_daemon.te b/vendor/qcom/common/time_daemon.te
index d97cdbb..f0aa0e5 100644
--- a/vendor/qcom/common/time_daemon.te
+++ b/vendor/qcom/common/time_daemon.te
@@ -1,4 +1,4 @@
-type time_daemon, domain;
+type time_daemon, domain, mlstrustedsubject;
 type time_daemon_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(time_daemon)
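Review bot: adding mlstrustedsubject to time_daemon exempts the whole domain from MLS constraints, which is broader than the single socket connect from timeservice_app that the commit message cites as the reason. Since the .te file gives no hint of that motivation, suggest a comment on the type line such as `# mlstrustedsubject: timeservice_app (levelFrom=all) connects to our unix_stream_socket` so the grant can be revisited if the app entry in seapp_contexts changes.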