Google Git
Sign in
android / platform / external / sepolicy / 369cf8cde5f69e6d6b752e250edfba80289b9c83
commit369cf8cde5f69e6d6b752e250edfba80289b9c83[log] [tgz]
authorNick Kralevich <nnk@google.com>Fri Mar 25 12:22:32 2016 -0700
committerNick Kralevich <nnk@google.com>Fri Mar 25 12:22:32 2016 -0700
tree0f91bd625cbaa65531eeb88869dbb7e1d144c416
parentf2d07904f7754a066c7e15a072cf57126ff348d3 [diff]
neverallow /data/anr access for isolated/untrusted apps

Add a neverallow rule (compile time assertion + CTS test) that
isolated_apps and untrusted_apps can't do anything else but append
to /data/anr/traces.txt. In particular, assert that they can't
read from the file, or overwrite other data which may already be
in the file.

Bug: 18340553
Bug: 27853304
Change-Id: I249fe2a46401b660efaa3f1102924a448ed750d5
2 files changed
tree: 0f91bd625cbaa65531eeb88869dbb7e1d144c416
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. atrace.te
  7. attributes
  8. binderservicedomain.te
  9. blkid.te
  10. blkid_untrusted.te
  11. bluetooth.te
  12. bluetoothdomain.te
  13. bootanim.te
  14. bootstat.te
  15. clatd.te
  16. CleanSpec.mk
  17. debuggerd.te
  18. device.te
  19. dex2oat.te
  20. dhcp.te
  21. dnsmasq.te
  22. domain.te
  23. domain_deprecated.te
  24. drmserver.te
  25. dumpstate.te
  26. file.te
  27. file_contexts
  28. file_contexts_asan
  29. fingerprintd.te
  30. fs_use
  31. fsck.te
  32. fsck_untrusted.te
  33. gatekeeperd.te
  34. genfs_contexts
  35. global_macros
  36. gpsd.te
  37. hci_attach.te
  38. healthd.te
  39. hostapd.te
  40. idmap.te
  41. init.te
  42. initial_sid_contexts
  43. initial_sids
  44. inputflinger.te
  45. install_recovery.te
  46. installd.te
  47. ioctl_macros
  48. isolated_app.te
  49. kernel.te
  50. keys.conf
  51. keystore.te
  52. lmkd.te
  53. logd.te
  54. mac_permissions.xml
  55. mdnsd.te
  56. mediaserver.te
  57. mls
  58. mls_macros
  59. MODULE_LICENSE_PUBLIC_DOMAIN
  60. mtp.te
  61. net.te
  62. netd.te
  63. neverallow_macros
  64. nfc.te
  65. NOTICE
  66. perfprofd.te
  67. platform_app.te
  68. policy_capabilities
  69. port_contexts
  70. postinstall.te
  71. ppp.te
  72. priv_app.te
  73. property.te
  74. property_contexts
  75. racoon.te
  76. radio.te
  77. README
  78. recovery.te
  79. recovery_persist.te
  80. recovery_refresh.te
  81. rild.te
  82. roles
  83. runas.te
  84. sdcardd.te
  85. seapp_contexts
  86. security_classes
  87. service.te
  88. service_contexts
  89. servicemanager.te
  90. sgdisk.te
  91. shared_relro.te
  92. shell.te
  93. slideshow.te
  94. su.te
  95. surfaceflinger.te
  96. system_app.te
  97. system_server.te
  98. te_macros
  99. tee.te
  100. toolbox.te
  101. tzdatacheck.te
  102. ueventd.te
  103. uncrypt.te
  104. untrusted_app.te
  105. update_engine.te
  106. update_verifier.te
  107. users
  108. vdc.te
  109. vold.te
  110. watchdogd.te
  111. wpa.te
  112. zygote.te