Isolate untrusted app ptys from other domains.

Add a create_pty() macro that allows a domain to create and use its own ptys, isolated from the ptys of any other domain, and use that macro for untrusted_app. This permits the use of a pty by apps without opening up access to ptys created by any other domain on the system. Change-Id: I5d96ce4d1b26073d828e13eb71c48d1e14ce7d6b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Isolate untrusted app ptys from other domains.
2dc4acf3 · Stephen Smalley · 189558f6 · 2dc4acf3 · 2dc4acf3
Commit 2dc4acf3 authored 11 years ago by Stephen Smalley
--- a/te_macros
+++ b/te_macros
@@ -306,6 +306,20 @@ allow $1 klog_device:chr_file { create open write unlink };
 allow $1 device:dir { write add_name remove_name };
 ')

+#####################################
+# create_pty(domain)
+# Allow domain to create and use a pty, isolated from any other domain ptys.
+define(`create_pty', `
+# Each domain gets a unique devpts type.
+type $1_devpts, fs_type;
+# Label the pty with the unique type when created.
+type_transition $1 devpts:chr_file $1_devpts;
+# Allow use of the pty after creation.
+allow $1 $1_devpts:chr_file { open getattr read write ioctl };
+# Note: devpts:dir search and ptmx_device:chr_file rw_file_perms
+# allowed to everyone via domain.te.
+')
+
 #####################################
 # Non system_app application set
 #

--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -38,7 +38,7 @@ allow untrusted_app port:{ tcp_socket udp_socket } name_bind;

 # Allow the allocation and use of ptys
 # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
-allow untrusted_app devpts:chr_file rw_file_perms;
+create_pty(untrusted_app)

 # Used by Finsky / Android "Verify Apps" functionality when
 # running "adb install foo.apk".