Skip to content
Snippets Groups Projects
Select Git revision
  • f542a5fad74493ec2140cdf85067c231baafde61
  • master default protected
  • android-7.1.2_r28_klist
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
41 results

file_contexts

Blame
    • Joel Galenson's avatar
      f542a5fa
      Remove unneeded file labels. · f542a5fa
      Joel Galenson authored
      A previous commit (a83e0cc) already labels these with genfs_context,
      which has better performance.
      
      Bug: 62413700
      Test: Built, flashed, and booted.  Verified that the files have
      the correct context.
      
      Change-Id: I464b0df30fabfc5f1c7cd7430e53e8d04bfacb53
      f542a5fa
      History
      Remove unneeded file labels.
      Joel Galenson authored
      A previous commit (a83e0cc) already labels these with genfs_context,
      which has better performance.
      
      Bug: 62413700
      Test: Built, flashed, and booted.  Verified that the files have
      the correct context.
      
      Change-Id: I464b0df30fabfc5f1c7cd7430e53e8d04bfacb53
    app.te 5.97 KiB
    #
    # Domains for apps that do not run with one of the predefined
    # platform UIDs (system, radio, nfc, ...).
    #
    
    #
    # Apps signed with the platform key.
    #
    type platform_app, domain;
    app_domain(platform_app)
    platform_app_domain(platform_app)
    # Access the network.
    net_domain(platform_app)
    # Access bluetooth.
    bluetooth_domain(platform_app)
    # Write to /cache.
    allow platform_app cache_file:dir rw_dir_perms;
    allow platform_app cache_file:file create_file_perms;
    # Read from /data/local.
    allow platform_app shell_data_file:dir search;
    allow platform_app shell_data_file:file { open getattr read };
    allow platform_app shell_data_file:lnk_file read;
    # Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
    # created by system server.
    allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
    allow platform_app apk_private_data_file:dir search;
    # ASEC
    allow platform_app asec_apk_file:dir create_dir_perms;
    allow platform_app asec_apk_file:file create_file_perms;
    
    # Apps signed with the media key.
    type media_app, domain;
    app_domain(media_app)
    platform_app_domain(media_app)
    # Access the network.
    net_domain(media_app)
    # Access /dev/mtp_usb.
    allow media_app mtp_device:chr_file rw_file_perms;
    # Write to /cache.
    allow media_app cache_file:dir rw_dir_perms;
    allow media_app cache_file:file create_file_perms;
    # Stat /cache/lost+found
    allow media_app unlabeled:file getattr;
    allow media_app unlabeled:dir getattr;
    # Stat /cache/backup
    allow media_app cache_backup_file:file getattr;
    allow media_app cache_backup_file:dir getattr;
    
    # Apps signed with the shared key.
    type shared_app, domain;
    app_domain(shared_app)
    platform_app_domain(shared_app)
    # Access the network.
    net_domain(shared_app)
    # Access bluetooth.
    bluetooth_domain(shared_app)
    # ASEC
    r_dir_file(shared_app, asec_apk_file)
    
    # Apps signed with the release key (testkey in AOSP).
    type release_app, domain;
    app_domain(release_app)
    platform_app_domain(release_app)
    # Access the network.
    net_domain(release_app)
    # Access bluetooth.
    bluetooth_domain(release_app)
    
    # Services with isolatedProcess=true in their manifest.
    # In order for isolated_apps to interact with apps that have levelFromUid=true
    # set it must be an mlstrustedsubject.
    type isolated_app, domain, mlstrustedsubject;
    app_domain(isolated_app)
    
    #
    # Rules for platform app domains.
    #
    
    # App sandbox file accesses.
    allow platformappdomain platform_app_data_file:dir create_dir_perms;
    allow platformappdomain platform_app_data_file:notdevfile_class_set create_file_perms;
    # App sdcard file accesses
    allow platformappdomain sdcard_type:dir create_dir_perms;
    allow platformappdomain sdcard_type:file create_file_perms;
    
    #
    # Untrusted apps.
    #
    type untrusted_app, domain;
    app_domain(untrusted_app)
    net_domain(untrusted_app)
    bluetooth_domain(untrusted_app)
    allow untrusted_app tun_device:chr_file rw_file_perms;
    
    # Internal SDCard rw access.
    bool app_internal_sdcard_rw true;
    if (app_internal_sdcard_rw) {
    allow untrusted_app sdcard_internal:dir create_dir_perms;
    allow untrusted_app sdcard_internal:file create_file_perms;
    }
    # External SDCard rw access.
    bool app_external_sdcard_rw true;
    if (app_external_sdcard_rw) {
    allow untrusted_app sdcard_external:dir create_dir_perms;
    allow untrusted_app sdcard_external:file create_file_perms;
    }
    
    #
    # Rules for all app domains.
    #
    
    # Allow apps to connect to the keystore
    unix_socket_connect(appdomain, keystore, keystore)
    
    # Receive and use open file descriptors inherited from zygote.
    allow appdomain zygote:fd use;
    
    # Read system properties managed by zygote.
    allow appdomain zygote_tmpfs:file read;
    
    # Notify zygote of death;
    allow appdomain zygote:process sigchld;
    
    # Communicate over a FIFO or socket created by the system_server.
    allow appdomain system:fifo_file rw_file_perms;
    allow appdomain system:unix_stream_socket { read write setopt };
    
    # Communicate over a socket created by surfaceflinger.
    allow appdomain surfaceflinger:unix_stream_socket { read write setopt };
    
    # App sandbox file accesses.
    allow appdomain app_data_file:dir create_dir_perms;
    allow appdomain app_data_file:notdevfile_class_set create_file_perms;
    
    # Read/write data files created by the platform apps if they
    # were passed to the app via binder or local IPC.  Do not allow open.
    allow appdomain platform_app_data_file:file { getattr read write };
    
    # lib subdirectory of /data/data dir is system-owned.
    allow appdomain system_data_file:dir r_dir_perms;
    allow appdomain system_data_file:file { execute open };
    
    # Execute the shell or other system executables.
    allow appdomain shell_exec:file rx_file_perms;
    allow appdomain system_file:file rx_file_perms;
    
    # Read/write wallpaper file (opened by system).
    allow appdomain wallpaper_file:file { read write };
    
    # Write to /data/anr/traces.txt.
    allow appdomain anr_data_file:dir search;
    allow appdomain anr_data_file:file { open append };
    
    # Write to /proc/net/xt_qtaguid/ctrl file.
    allow appdomain qtaguid_proc:file rw_file_perms;
    # Everybody can read the xt_qtaguid resource tracking misc dev.
    # So allow all apps to read from /dev/xt_qtaguid.
    allow appdomain qtaguid_device:chr_file r_file_perms;
    
    # Use the Binder.
    binder_use(appdomain)
    # Perform binder IPC to binder services.
    binder_call(appdomain, binderservicedomain)
    # Perform binder IPC to other apps.
    binder_call(appdomain, appdomain)
    
    # Appdomain interaction with isolated apps
    r_dir_file(appdomain, isolated_app)
    
    # Already connected, unnamed sockets being passed over some other IPC
    # hence no sock_file or connectto permission. This appears to be how
    # Chrome works, may need to be updated as more apps using isolated services
    # are examined.
    allow appdomain isolated_app:unix_stream_socket { read write };
    allow isolated_app appdomain:unix_stream_socket { read write };
    
    # Backup ability for every app. BMS opens and passes the fd
    # to any app that has backup ability. Hence, no open permissions here.
    allow { appdomain isolated_app } backup_data_file:file { read write };
    allow { appdomain isolated_app } cache_backup_file:file { read write };
    # Backup ability using 'adb backup'
    allow { appdomain isolated_app } system_data_file:lnk_file getattr;