untrusted_app.te · 0e61a7a96d76ea46c65286d64474bb7ba301d1d6 · Werner Sembach / AndroidSystemSEPolicy

Something went wrong on our end

9 years ago

neverallow /data/anr access for isolated/untrusted apps · 0e61a7a9

Nick Kralevich authored 9 years ago

Add a neverallow rule (compile time assertion + CTS test) that
isolated_apps and untrusted_apps can't do anything else but append
to /data/anr/traces.txt. In particular, assert that they can't
read from the file, or overwrite other data which may already be
in the file.

Bug: 18340553
Bug: 27853304

(cherry picked from commit 369cf8cd)

Change-Id: Ib33e7ea0342ad28e5a89dfffdd9bc16fe54d8b3d

0e61a7a9

History

neverallow /data/anr access for isolated/untrusted apps

Nick Kralevich authored 9 years ago

Add a neverallow rule (compile time assertion + CTS test) that
isolated_apps and untrusted_apps can't do anything else but append
to /data/anr/traces.txt. In particular, assert that they can't
read from the file, or overwrite other data which may already be
in the file.

Bug: 18340553
Bug: 27853304

(cherry picked from commit 369cf8cd)

Change-Id: Ib33e7ea0342ad28e5a89dfffdd9bc16fe54d8b3d