From a910a287d81bf5e9885af9e5be60ed444964a86a Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Mon, 19 Oct 2015 10:45:27 -0700
Subject: [PATCH] Remove untrusted_app access to tmp apk files

Verifier has moved to the priv_app domain. Neverallow app domain
access to tmp apk files with exceptions for platform and priv app
domains.

Change-Id: I68a2fa39ebc7dc0bfa278fe7d092655f21a5225d
---
 app.te           | 4 ++++
 untrusted_app.te | 4 ----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app.te b/app.te
index c670c9dd8..c8009dc52 100644
--- a/app.te
+++ b/app.te
@@ -344,6 +344,10 @@ neverallow appdomain
     dhcp_data_file:dir_file_class_set
     { create write setattr relabelfrom relabelto append unlink link rename };
 
+# access tmp apk files
+neverallow { appdomain -platform_app -priv_app }
+    { apk_tmp_file apk_private_tmp_file }:dir_file_class_set *;
+
 # Access to factory files.
 neverallow appdomain efs_file:dir_file_class_set write;
 neverallow { appdomain -shell } efs_file:dir_file_class_set read;
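Review bot: The comment `# access tmp apk files` on the new neverallow does not state why `platform_app` and `priv_app` are exempted, and the exception list of a neverallow is exactly where later over-grants accumulate unnoticed; the commit message explains only the priv_app side (the verifier moved there), not platform_app. Suggest a comment that records the rationale, e.g. `# Staged/tmp apk files are reachable only by the package verifier (priv_app)` followed by a line giving the platform_app reason, or a TODO if that reason is not known to the author. The rule itself is a good shape: `dir_file_class_set *` asserts that the remaining app domains hold no permission of any kind on these types, so a future `allow` for another app domain fails at policy compile time instead of silently widening access.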
diff --git a/untrusted_app.te b/untrusted_app.te
index 1778c2232..ecf85a22d 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -77,10 +77,6 @@ allow untrusted_app radio_service:service_manager find;
 allow untrusted_app surfaceflinger_service:service_manager find;
 allow untrusted_app app_api_service:service_manager find;
 
-# Allow verifier to access staged apks.
-allow untrusted_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
-allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
-
 # only allow unprivileged socket ioctl commands
 allow untrusted_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
 
-- 
GitLab