author: Alan Stokes <alanstokes@google.com>, 2020-10-23 14:26:35 +0100
committer: Alan Stokes <alanstokes@google.com>, 2020-10-23 14:44:52 +0100
commit: 01f88e63c5d3f4570e0f4c7c9cf640b9b59542dd
tree: a7521b48d7c25b8226b2d969f189729e3c095e00 /vendor/qcom/common
parent: a20a0702690a4441d95fa1a21ed0015a0a55aafd
Remove levelFrom=none from vendor apps.

(This is the same as https://r.android.com/1458479, for crosshatch-sepolicy, but with minor modifications due to different base policy - e.g. time_daemon is already mlstrustedsubject here. I've checked again that these changes should be safe with the local sepolicy and updated the explanation below. I also removed an obsolete TODO.)

Set levelFrom=user or levelFrom=all explicitly on the apps that were implicitly using levelFrom=none before. This provides better isolation for app data files and unblocks future policy changes.

These changes should be safe even if the apps create files with their new level:
- ssr_detector_app has write access to system_app_data_file and cgroup, but they are mlstrustedobject.
- data_service_app has write access to radio_data_file, but it is mlstrustedobject.
- ril_config_service_app has write access to vendor_radio_data_file, but it is mlstrustedobject.
- timeservice_app connects to time_daemon:unix_stream_socket, but it is mlstrustedsubject.

Test: presubmits
Bug: 170622707
Change-Id: I4b291c03797e623540ee66c3de034d3e9da29996

Diffstat (limited to 'vendor/qcom/common')
-rw-r--r-- vendor/qcom/common/seapp_contexts | 8
1 files changed, 3 insertions, 5 deletions
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index cb5dedf..5581229 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -1,11 +1,9 @@
-#TODO(b/126137625): moving dataservice app from system to radio process
-user=radio seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file
-#user=system seinfo=platform name=.dataservices domain=dataservice_app type=system_app_data_file
+user=radio seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file levelFrom=user
# Hardware Info Collection
user=_app seinfo=platform name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
-user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file
+user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file levelFrom=all
user=_app seinfo=platform name=.qtidataservices domain=qtidataservices_app type=app_data_file levelFrom=all
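Review bot: The two user=radio entries in this hunk end up with different level sources, levelFrom=user on name=.dataservices and levelFrom=all on name=com.google.RilConfigService, and neither the file nor the commit message says why they differ. A one-line comment above each entry giving the reason for the chosen value would stop a later edit from aligning them by mistake, now that the TODO and the commented-out user=system line that used to document the dataservices entry are gone.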
@@ -15,7 +13,7 @@ user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymon
user=_app seinfo=platform name=com.qualcomm.qti.services.secureui* domain=secure_ui_service_app levelFrom=all
#Needed for time service apk
-user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file
+user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all
# Use a custom domain for GoogleCamera, to allow for Hexagon DSP / Easel access
user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
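Review bot: The timeservice entry keeps type=app_data_file and gains levelFrom=all, but the commit message's safety argument for timeservice_app covers only the time_daemon:unix_stream_socket connection, not files the app created under its own data directory before this change. Please state in the message how those existing files are treated after the level changes, and consider an upgrade test on a device that already has data for com.qualcomm.timeservice in addition to "Test: presubmits". The same question applies to the com.google.RilConfigService entry in the first hunk, which also keeps type=app_data_file.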