| # MLS override can't be used to access private app data. |
| |
| # Apps should not normally be mlstrustedsubject, but if they must be |
| # they cannot use this to access app private data files; their own app |
| # data files must use a different label. |
| |
| neverallow { |
| mlstrustedsubject |
| -artd # compile secondary dex files |
| -installd |
| } { |
| app_data_file |
| privapp_data_file |
| is_flag_enabled(RELEASE_UNLOCKED_STORAGE_API, `storage_area_content_file') |
| }:file ~{ read write map getattr ioctl lock append }; |
| |
| neverallow { |
| mlstrustedsubject |
| -artd # compile secondary dex files |
| -installd |
| } { |
| app_data_file |
| privapp_data_file |
| is_flag_enabled(RELEASE_UNLOCKED_STORAGE_API, `storage_area_content_file') |
| }:dir ~{ read getattr search }; |
| |
| is_flag_enabled(RELEASE_UNLOCKED_STORAGE_API, ` |
| neverallow { |
| mlstrustedsubject |
| -artd # compile secondary dex files |
| -installd |
| -vold # encryption of storage areas |
| -vold_prepare_subdirs # creation of storage area directories |
| } { storage_area_dir storage_area_app_dir }:dir ~{ read getattr search }; |
| ') |
| |
| neverallow { |
| mlstrustedsubject |
| -artd # compile secondary dex files |
| -installd |
| -system_server |
| -adbd |
| -runas |
| -zygote |
| } { |
| app_data_file |
| privapp_data_file |
| is_flag_enabled(RELEASE_UNLOCKED_STORAGE_API, `storage_area_content_file') |
| }:dir { read getattr search }; |
| |
| is_flag_enabled(RELEASE_UNLOCKED_STORAGE_API, ` |
| neverallow { |
| mlstrustedsubject |
| -artd # compile secondary dex files |
| -installd |
| -system_server |
| -adbd |
| -runas |
| -vold # encryption of storage area directories |
| -vold_prepare_subdirs # creation of storage area directories |
| -zygote |
| } { storage_area_dir storage_area_app_dir }:dir { read getattr search }; |
| ') |