Validate no-cross-domain /proc/PID access am: 7a463809

am: 881fe06f Change-Id: I0868a42de485ac8d94c19f1d6082d12928ed8047

Validate no-cross-domain /proc/PID access am: 7a463809
25d4a090 · Nick Kralevich · android-build-merger · 20ad01ed · 881fe06f · 25d4a090
Commit 25d4a090 authored Aug 11, 2017 by Nick Kralevich Committed by android-build-merger Aug 11, 2017
--- a/private/app.te
+++ b/private/app.te
@@ -402,8 +402,10 @@ neverallow appdomain zygote_socket:sock_file write;
 # ptrace access to non-app domains.
 neverallow appdomain { domain -appdomain }:process ptrace;

-# Write access to /proc/pid entries for any non-app domain.
-neverallow appdomain { domain -appdomain }:file write;
+# Read or write access to /proc/pid entries for any non-app domain.
+# A different form of hidepid=2 like protections
+neverallow appdomain { domain -appdomain }:file no_w_file_perms;
+neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms;

 # signal access to non-app domains.
 # sigchld allowed for parent death notification.


--- a/public/te_macros
+++ b/public/te_macros
@@ -172,6 +172,8 @@ typeattribute $1 appdomain;
 tmpfs_domain($1)
 # Map with PROT_EXEC.
 allow $1 $1_tmpfs:file execute;
+neverallow { $1 -shell } { domain -$1 }:file no_rw_file_perms;
+neverallow { appdomain -shell -$1 } $1:file no_rw_file_perms;
 ')

 #####################################