author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-04-09 14:24:33 -0400 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-04-09 19:08:04 +0000 |
commit | 19c509034ee309c60c958637841c151d3c273421 (patch) | |
tree | 84b4688a8eee711849669525bf729de3a602a42e /installd.te | |
parent | 02f9e93ace4cfda5ceeae254d6260d3733d5f7b5 (diff) | |
Define a type for /data/dalvik-cache/profiles.
I9b8e59e3bd7df8a1bf60fa7ffd376a24ba0eb42f added a profiles
subdirectory to /data/dalvik-cache with files that must be
app-writable. As a result, we have denials such as:
W/Profiler( 3328): type=1400 audit(0.0:199): avc: denied { write } for name="com.google.android.setupwizard" dev="mmcblk0p28" ino=106067 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file
W/Profiler( 3328): type=1300 audit(0.0:199): arch=40000028 syscall=322 per=800000 success=yes exit=33 a0=ffffff9c a1=b8362708 a2=20002 a3=0 items=1 ppid=194 auid=4294967295 uid=10019 gid=10019 euid=10019 suid=10019 fsuid=10019 egid=10019 sgid=10019 fsgid=10019 tty=(none) ses=4294967295 exe="/system/bin/app_process" subj=u:r:untrusted_app:s0 key=(null)
W/auditd ( 286): type=1307 audit(0.0:199): cwd="/"
W/auditd ( 286): type=1302 audit(0.0:199): item=0 name="/data/dalvik-cache/profiles/com.google.android.setupwizard" inode=106067 dev=b3:1c mode=0100664 ouid=1012 ogid=50019 rdev=00:00 obj=u:object_r:dalvikcache_data_file:s0
We do not want to allow untrusted app domains to write to the
existing type on other /data/dalvik-cache files as that could be used
for code injection into another app domain, the zygote or the system_server.
So define a new type for this subdirectory. The restorecon_recursive /data
in init.rc will fix the labeling on devices that already have a profiles
directory created. For correct labeling on first creation, we also need
a separate change to installd under the same change id.
Bug: 13927667
Change-Id: I4857d031f9e7e60d48b8c72fcb22a81b3a2ebaaa
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'installd.te')
-rw-r--r-- | installd.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/installd.te b/installd.te index 3f5e9a1..a2b0687 100644 --- a/installd.te +++ b/installd.te @@ -9,6 +9,8 @@ allow installd self:capability { chown dac_override fowner fsetid setgid setuid allow installd system_data_file:file create_file_perms; allow installd system_data_file:lnk_file create; allow installd dalvikcache_data_file:file create_file_perms; +allow installd dalvikcache_profiles_data_file:dir create_dir_perms; +allow installd dalvikcache_profiles_data_file:file create_file_perms; allow installd data_file_type:dir create_dir_perms; allow installd data_file_type:dir { relabelfrom relabelto }; allow installd data_file_type:{ file_class_set } { getattr unlink }; |
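Review bot: The two added `dalvikcache_profiles_data_file` rules have no comment saying why installd needs them; a one-line comment above them naming /data/dalvik-cache/profiles would keep the intent readable next to the existing `dalvikcache_data_file` rule. Separately, the unchanged line directly after them already grants `allow installd data_file_type:dir create_dir_perms;`, so if the new type is declared with the `data_file_type` attribute (the declaration is not part of this file's diff), the added `:dir` rule is redundant. Keeping it explicit is fine, but it is worth confirming which case applies. Finally, `create_file_perms` on the new file type mirrors what installd holds on `dalvikcache_data_file`. Since the commit message frames the new type as a way to limit write access under /data/dalvik-cache, consider checking whether installd needs the full set here or only the permissions required to create and remove the profile files.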