remove appdomain's ability to examine all of /proc

Remove the CTS specific rule which allows appdomain processes to view /proc entries for the rest of the system. With this change, an SELinux domain will only be able to view it's own /proc entries, e.g. untrusted_app can only view /proc entries for other untrusted_app, system_app can only view /proc entries for other system_apps, etc. /proc contains sensitive information, and we want to avoid leaking this information between app security domains. Bug: 17254920 Change-Id: I59da37dde00107a5ab123df3b79a84afa855339f

remove appdomain's ability to examine all of /proc
0d3f7ddc · Nick Kralevich · 92d1aa19 · 0d3f7ddc
Commit 0d3f7ddc authored 10 years ago by Nick Kralevich
--- a/app.te
+++ b/app.te
@@ -152,14 +152,6 @@ allow appdomain resourcecache_data_file:dir r_dir_perms;
 ### CTS-specific rules
 ###

-# For cts/tools/device-setup/TestDeviceSetup/src/android/tests/getinfo/RootProcessScanner.java.
-# Reads /proc/pid/status and statm entries to check that
-# no unexpected root processes are running.
-# Also for cts/tests/tests/security/src/android/security/cts/VoldExploitTest.java
-# Reads /proc/pid/cmdline of vold.
-allow appdomain domain:dir { open read search getattr };
-allow appdomain domain:{ file lnk_file } { open read getattr };
-
 # For cts/tests/tests/permission/src/android/permission/cts/FileSystemPermissionTest.java.
 # testRunAsHasCorrectCapabilities
 allow appdomain runas_exec:file getattr;