split out untrusted base app domains
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
1 parent
52d5d2f
commit 3afbdf2
Showing
31 changed files
with
496 additions
and
14 deletions.
@@ -0,0 +1,16 @@ | ||
### | ||
### Untrusted apps. | ||
### | ||
### This file defines the rules for untrusted apps running with | ||
### targetSdkVersion >= 30. | ||
### | ||
### See public/untrusted_app.te for more information about which apps are | ||
### placed in this selinux domain. | ||
### | ||
|
||
typeattribute untrusted_base_app coredomain; | ||
|
||
app_domain(untrusted_base_app) | ||
untrusted_app_domain(untrusted_base_app) | ||
net_domain(untrusted_base_app) | ||
bluetooth_domain(untrusted_base_app) |
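Review bot: The header comment of this file is titled only "Untrusted apps." and cross-references public/untrusted_app.te, so a reader cannot tell what distinguishes untrusted_base_app from untrusted_app, which is the point of the split; retitle it `### untrusted_base_app` and point the reference at the public file that declares `type untrusted_base_app, domain;` further down this page (presumably public/untrusted_base_app.te). The rule body matches the targetSdkVersion >= 30 baseline: no execmod, execute_no_trans, dex2oat, ashmem or netlink RTM_GETLINK grants, which is the correct, tightest set of the four new domains. The untrusted-app neverallow rules only cover this domain if untrusted_app_domain() attaches the attribute those rules key on; that macro is not visible here, so it is worth confirming. Nothing in this chunk assigns any app to the domain, so the seapp_contexts change presumably lives in one of the other files of the commit.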
@@ -0,0 +1,53 @@ | ||
### | ||
### untrusted_base_app_25 | ||
### | ||
### This file defines the rules for untrusted apps running with | ||
### targetSdkVersion <= 25. | ||
### | ||
### See public/untrusted_app.te for more information about which apps are | ||
### placed in this selinux domain. | ||
### | ||
|
||
typeattribute untrusted_base_app_25 coredomain; | ||
|
||
app_domain(untrusted_base_app_25) | ||
untrusted_app_domain(untrusted_base_app_25) | ||
net_domain(untrusted_base_app_25) | ||
bluetooth_domain(untrusted_base_app_25) | ||
|
||
# b/35917228 - /proc/misc access | ||
# This will go away in a future Android release | ||
allow untrusted_base_app_25 proc_misc:file r_file_perms; | ||
|
||
# Access to /proc/tty/drivers, to allow apps to determine if they | ||
# are running in an emulated environment. | ||
# b/33214085 b/33814662 b/33791054 b/33211769 | ||
# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java | ||
# This will go away in a future Android release | ||
allow untrusted_base_app_25 proc_tty_drivers:file r_file_perms; | ||
|
||
# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q. | ||
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23 | ||
allow untrusted_base_app_25 { apk_data_file app_data_file asec_public_file }:file execmod; | ||
|
||
# The ability to call exec() on files in the apps home directories | ||
# for targetApi<=25. This is also allowed for targetAPIs 26, 27, | ||
# and 28 in untrusted_app_27.te. | ||
allow untrusted_base_app_25 app_data_file:file execute_no_trans; | ||
auditallow untrusted_base_app_25 app_data_file:file { execute execute_no_trans }; | ||
|
||
# The ability to invoke dex2oat. Historically required by ART, now only | ||
# allowed for targetApi<=28 for compat reasons. | ||
allow untrusted_base_app_25 dex2oat_exec:file rx_file_perms; | ||
userdebug_or_eng(`auditallow untrusted_base_app_25 dex2oat_exec:file rx_file_perms;') | ||
|
||
# The ability to talk to /dev/ashmem directly. targetApi>=29 must use | ||
# ASharedMemory instead. | ||
allow untrusted_base_app_25 ashmem_device:chr_file rw_file_perms; | ||
auditallow untrusted_base_app_25 ashmem_device:chr_file open; | ||
|
||
# Read /mnt/sdcard symlink. | ||
allow untrusted_base_app_25 mnt_sdcard_file:lnk_file r_file_perms; | ||
|
||
# allow binding to netlink route sockets and sending RTM_GETLINK messages. | ||
allow untrusted_base_app_25 self:netlink_route_socket { bind nlmsg_readpriv }; |
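Review bot: The inline comments still describe the upstream file layout: `in untrusted_app_27.te` on the exec() comment should read `in untrusted_base_app_27.te` now that the same grant is duplicated in this commit's sibling file. The `execmod` and `execute_no_trans` grants on app_data_file are what make this the widest of the four new domains, and every rule here is a verbatim copy of the untrusted_app_25 set, including the entries marked "will go away in a future Android release" (proc_misc, proc_tty_drivers); the two files will drift as upstream removes them. A header note such as `# Mirrors private/untrusted_app_25.te; re-check this file whenever upstream tightens a rule there.` would make that maintenance obligation visible. Keeping the `auditallow` lines is right — they are the only signal that a legacy app actually exercises these grants.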
@@ -0,0 +1,41 @@ | ||
### | ||
### Untrusted_27. | ||
### | ||
### This file defines the rules for untrusted apps running with | ||
### 25 < targetSdkVersion <= 28. | ||
### | ||
### See public/untrusted_app.te for more information about which apps are | ||
### placed in this selinux domain. | ||
### | ||
|
||
typeattribute untrusted_base_app_27 coredomain; | ||
|
||
app_domain(untrusted_base_app_27) | ||
untrusted_app_domain(untrusted_base_app_27) | ||
net_domain(untrusted_base_app_27) | ||
bluetooth_domain(untrusted_base_app_27) | ||
|
||
# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q. | ||
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23 | ||
allow untrusted_base_app_27 { apk_data_file app_data_file asec_public_file }:file execmod; | ||
|
||
# The ability to call exec() on files in the apps home directories | ||
# for targetApi 26, 27, and 28. | ||
allow untrusted_base_app_27 app_data_file:file execute_no_trans; | ||
auditallow untrusted_base_app_27 app_data_file:file { execute execute_no_trans }; | ||
|
||
# The ability to invoke dex2oat. Historically required by ART, now only | ||
# allowed for targetApi<=28 for compat reasons. | ||
allow untrusted_base_app_27 dex2oat_exec:file rx_file_perms; | ||
userdebug_or_eng(`auditallow untrusted_base_app_27 dex2oat_exec:file rx_file_perms;') | ||
|
||
# The ability to talk to /dev/ashmem directly. targetApi>=29 must use | ||
# ASharedMemory instead. | ||
allow untrusted_base_app_27 ashmem_device:chr_file rw_file_perms; | ||
auditallow untrusted_base_app_27 ashmem_device:chr_file open; | ||
|
||
# Read /mnt/sdcard symlink. | ||
allow untrusted_base_app_27 mnt_sdcard_file:lnk_file r_file_perms; | ||
|
||
# allow binding to netlink route sockets and sending RTM_GETLINK messages. | ||
allow untrusted_base_app_27 self:netlink_route_socket { bind nlmsg_readpriv }; |
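Review bot: The title line `### Untrusted_27.` does not name the domain being defined, unlike `### untrusted_base_app_25` in the sibling file; `### untrusted_base_app_27` keeps the four new files consistent and greppable. The cross-reference `See public/untrusted_app.te` has the same problem as in the other private files: it points at the description of the untrusted_app domain rather than this one. The rule content is the 25 < targetSdkVersion <= 28 set (execmod, execute_no_trans, dex2oat, ashmem, the /mnt/sdcard symlink and netlink RTM_GETLINK), with the auditallow lines preserved, which is consistent with the _25 file above.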
@@ -0,0 +1,19 @@ | ||
### | ||
### Untrusted_29. | ||
### | ||
### This file defines the rules for untrusted apps running with | ||
### targetSdkVersion = 29. | ||
### | ||
### See public/untrusted_app.te for more information about which apps are | ||
### placed in this selinux domain. | ||
### | ||
|
||
typeattribute untrusted_base_app_29 coredomain; | ||
|
||
app_domain(untrusted_base_app_29) | ||
untrusted_app_domain(untrusted_base_app_29) | ||
net_domain(untrusted_base_app_29) | ||
bluetooth_domain(untrusted_base_app_29) | ||
|
||
# allow binding to netlink route sockets and sending RTM_GETLINK messages. | ||
allow untrusted_base_app_29 self:netlink_route_socket { bind nlmsg_readpriv }; |
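Review bot: Same title inconsistency as the _27 file: `### Untrusted_29.` should be `### untrusted_base_app_29`. Comparing this file with the untrusted_base_app file at the top of the page, the only rule that differs is the `netlink_route_socket { bind nlmsg_readpriv }` grant, so that is the entire reason this domain exists; a comment stating it would save the next reader the diff, e.g. `# Only difference from untrusted_base_app: RTM_GETLINK is still permitted for targetSdkVersion 29.`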
@@ -0,0 +1,19 @@ | ||
### | ||
### Untrusted apps. | ||
### | ||
### Apps are labeled based on mac_permissions.xml (maps signer and | ||
### optionally package name to seinfo value) and seapp_contexts (maps UID | ||
### and optionally seinfo value to domain for process and type for data | ||
### directory). The untrusted_app domain is the default assignment in | ||
### seapp_contexts for any app with UID between APP_AID (10000) | ||
### and AID_ISOLATED_START (99000) if the app has no specific seinfo | ||
### value as determined from mac_permissions.xml. In current AOSP, this | ||
### domain is assigned to all non-system apps as well as to any system apps | ||
### that are not signed by the platform key. To move | ||
### a system app into a specific domain, add a signer entry for it to | ||
### mac_permissions.xml and assign it one of the pre-existing seinfo values | ||
### or define and use a new seinfo value in both mac_permissions.xml and | ||
### seapp_contexts. | ||
### | ||
|
||
type untrusted_base_app, domain; |
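Review bot: The comment block above `type untrusted_base_app, domain;` is copied from the untrusted_app declaration and describes untrusted_app as the default seapp_contexts assignment; it says nothing about when a process is labeled untrusted_base_app instead, which is exactly what a reader of this public type needs. Replace the copied paragraph with a description of the seapp_contexts/seinfo selection that routes an app here (that mapping is not visible in this chunk), or at minimum add `### untrusted_base_app is selected explicitly via seapp_contexts; it is presumably not the default untrusted_app assignment described below.`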
@@ -0,0 +1,19 @@ | ||
### | ||
### Untrusted apps. | ||
### | ||
### Apps are labeled based on mac_permissions.xml (maps signer and | ||
### optionally package name to seinfo value) and seapp_contexts (maps UID | ||
### and optionally seinfo value to domain for process and type for data | ||
### directory). The untrusted_app domain is the default assignment in | ||
### seapp_contexts for any app with UID between APP_AID (10000) | ||
### and AID_ISOLATED_START (99000) if the app has no specific seinfo | ||
### value as determined from mac_permissions.xml. In current AOSP, this | ||
### domain is assigned to all non-system apps as well as to any system apps | ||
### that are not signed by the platform key. To move | ||
### a system app into a specific domain, add a signer entry for it to | ||
### mac_permissions.xml and assign it one of the pre-existing seinfo values | ||
### or define and use a new seinfo value in both mac_permissions.xml and | ||
### seapp_contexts. | ||
### | ||
|
||
type untrusted_base_app_25, domain; |
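Review bot: The header above `type untrusted_base_app_25, domain;` never mentions the targetSdkVersion <= 25 split or the new domain's name; it is the generic untrusted_app paragraph repeated verbatim, so the public declaration documents a different type than the one it declares. A one-line addition such as `### untrusted_base_app_25: the untrusted_base_app variant for apps with targetSdkVersion <= 25; see private/untrusted_base_app_25.te for its rules.` would make the declaration self-describing, and the sentence about untrusted_app being the default assignment should be qualified or dropped here.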
@@ -0,0 +1,19 @@ | ||
### | ||
### Untrusted apps. | ||
### | ||
### Apps are labeled based on mac_permissions.xml (maps signer and | ||
### optionally package name to seinfo value) and seapp_contexts (maps UID | ||
### and optionally seinfo value to domain for process and type for data | ||
### directory). The untrusted_app domain is the default assignment in | ||
### seapp_contexts for any app with UID between APP_AID (10000) | ||
### and AID_ISOLATED_START (99000) if the app has no specific seinfo | ||
### value as determined from mac_permissions.xml. In current AOSP, this | ||
### domain is assigned to all non-system apps as well as to any system apps | ||
### that are not signed by the platform key. To move | ||
### a system app into a specific domain, add a signer entry for it to | ||
### mac_permissions.xml and assign it one of the pre-existing seinfo values | ||
### or define and use a new seinfo value in both mac_permissions.xml and | ||
### seapp_contexts. | ||
### | ||
|
||
type untrusted_base_app_27, domain; |
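Review bot: As with the other three public files, the comment above `type untrusted_base_app_27, domain;` is the untrusted_app boilerplate and does not state which apps land in untrusted_base_app_27 or that it covers 25 < targetSdkVersion <= 28. Add `### untrusted_base_app_27: untrusted_base_app variant for 25 < targetSdkVersion <= 28; rules live in private/untrusted_base_app_27.te.` and remove or qualify the claim that untrusted_app is the default assignment, since for this type the selection is presumably explicit in seapp_contexts (not visible in this chunk).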
@@ -0,0 +1,19 @@ | ||
### | ||
### Untrusted apps. | ||
### | ||
### Apps are labeled based on mac_permissions.xml (maps signer and | ||
### optionally package name to seinfo value) and seapp_contexts (maps UID | ||
### and optionally seinfo value to domain for process and type for data | ||
### directory). The untrusted_app domain is the default assignment in | ||
### seapp_contexts for any app with UID between APP_AID (10000) | ||
### and AID_ISOLATED_START (99000) if the app has no specific seinfo | ||
### value as determined from mac_permissions.xml. In current AOSP, this | ||
### domain is assigned to all non-system apps as well as to any system apps | ||
### that are not signed by the platform key. To move | ||
### a system app into a specific domain, add a signer entry for it to | ||
### mac_permissions.xml and assign it one of the pre-existing seinfo values | ||
### or define and use a new seinfo value in both mac_permissions.xml and | ||
### seapp_contexts. | ||
### | ||
|
||
type untrusted_base_app_29, domain; |
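Review bot: The comment above `type untrusted_base_app_29, domain;` is the generic untrusted_app description and does not say that this type is the targetSdkVersion = 29 variant of untrusted_base_app or how an app is routed to it. Replace the copied paragraph, or prepend `### untrusted_base_app_29: untrusted_base_app variant for targetSdkVersion = 29; see private/untrusted_base_app_29.te.`, so the public declaration describes the type it declares rather than untrusted_app.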