From b4f354fdd25a1fa9fc94ed7749588631f74e3dc1 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Sat, 4 Mar 2017 20:09:10 -0800
Subject: [PATCH] Move /proc/tty/drivers access to untrusted_app_25

This should only be granted to legacy apps, not to newer API versions.

Change-Id: Ia4b9b3a3cf33aa31bcad2fe15d8470c50132e2a9
Test: policy compiles.
---
 private/untrusted_app_25.te  | 7 +++++++
 private/untrusted_app_all.te | 6 ------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index cd3f32bee..e576d27dc 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -35,3 +35,10 @@ get_prop(untrusted_app_25, net_dns_prop)
 # b/35917228 - /proc/misc access
 # This will go away in a future Android release
 allow untrusted_app_25 proc_misc:file r_file_perms;
+
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+# This will go away in a future Android release
+allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index edd1f93a0..653441271 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -91,9 +91,3 @@ allow untrusted_app_all sysfs_hwrandom:file r_file_perms;
 # Allow apps to view preloaded content
 allow untrusted_app_all preloads_data_file:dir r_dir_perms;
 allow untrusted_app_all preloads_data_file:file r_file_perms;
-
-# Access to /proc/tty/drivers, to allow apps to determine if they
-# are running in an emulated environment.
-# b/33214085 b/33814662 b/33791054 b/33211769
-# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
-allow untrusted_app_all proc_tty_drivers:file r_file_perms;
-- 
GitLab