only permit text relocations in untrusted_app

am: dc083f59 Change-Id: I38a2613d04dc0e59dc9e76dff39ab5ae9a024ae4

only permit text relocations in untrusted_app
9ab5a278 · Daniel Micay · android-build-merger · ff63c47d · dc083f59 · 9ab5a278
Commit 9ab5a278 authored Nov 20, 2016 by Daniel Micay Committed by android-build-merger Nov 20, 2016
--- a/public/app.te
+++ b/public/app.te
@@ -215,7 +215,7 @@ allow appdomain shared_relro_file:file r_file_perms;

 # Allow apps to read/execute installed binaries
 allow appdomain apk_data_file:dir r_dir_perms;
-allow appdomain apk_data_file:file { rx_file_perms execmod };
+allow appdomain apk_data_file:file rx_file_perms;

 # /data/resource-cache
 allow appdomain resourcecache_data_file:file r_file_perms;

--- a/public/domain.te
+++ b/public/domain.te
@@ -483,7 +483,7 @@ neverallow * self:process { execstack execheap };

 # prohibit non-zygote spawned processes from using shared libraries
 # with text relocations. b/20013628 .
-neverallow { domain -appdomain } file_type:file execmod;
+neverallow { domain -untrusted_app } file_type:file execmod;

 neverallow { domain -init } proc:{ file dir } mounton;


--- a/public/untrusted_app.te
+++ b/public/untrusted_app.te
@@ -25,6 +25,9 @@ app_domain(untrusted_app)
 net_domain(untrusted_app)
 bluetooth_domain(untrusted_app)

+# Legacy text relocations
+allow untrusted_app apk_data_file:file execmod;
+
 # Some apps ship with shared libraries and binaries that they write out
 # to their sandbox directory and then execute.
 allow untrusted_app app_data_file:file { rx_file_perms execmod };