Remove levelFrom=none from vendor apps.
Set levelFrom=user or levelFrom=all explicitly on the apps that were
implicitly using levelFrom=none before. This provides better isolation
for app data files and unblocks future policy changes.
These changes are safe in theory, even if the apps create files with
their new level:
- ssr_detector_app has write access to system_app_data_file, but it is
mlstrustedobject.
- data_service_app has write access to radio_data_file, but it is
mlstrustedobject.
- ril_config_service_app has write access to radio_vendor_data_file,
but it is mlstrustedobject.
- timeservice_app connects to time_daemon:unix_stream_socket, but we
make that mlstrustedsubject. (It's a device-wide daemon.)
They also seem to be safe in practice - I've exercised their
functionality and seen no new denials.
Bug: 170622707
Test: manual: delete shared_relro files, they are recreated & used.
Test: manual: insert SIM, verify telephony works.
Test: manual: change time, make sure timeservice_app runs & works.
Test: presubmit
Change-Id: I2df2997029cc638b615562adfc6009a01bb0b948
2 files changed
