untrusted_app: allow access to /proc/tty/drivers

/proc/tty/drivers is read by applications to figure out if they are running in an emulated environment. Specifically, they look for the string "goldfish" within that file. Arguably this is not an Android API, and really shouldn't be exposed to applications, but: 1) A largish number of applications break if they can't read this file; 2) The information here isn't particularly sensitive While we could spend a bunch of time trying to get applications fixed, there are bigger fish to fry. It's not worth the battle. Test: "ls -laZ /proc/tty/drivers" is labeled properly. Bug: 33214085 Bug: 33814662 Bug: 33791054 Bug: 33211769 Bug: 26813932 Change-Id: Icc05bdc1c917547a6dca7d76636a1009369bde49

untrusted_app: allow access to /proc/tty/drivers
e427a2b2 · Nick Kralevich · 11c1b18f · e427a2b2 · e427a2b2 · e427a2b2
Commit e427a2b2 authored 8 years ago by Nick Kralevich
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -29,6 +29,7 @@ genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
 genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
 genfscon proc /timer_list u:object_r:proc_timer:s0
 genfscon proc /timer_stats u:object_r:proc_timer:s0
+genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
 genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
 genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
 genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0

--- a/public/file.te
+++ b/public/file.te
@@ -20,6 +20,7 @@ type proc_net, fs_type;
 type proc_stat, fs_type;
 type proc_sysrq, fs_type;
 type proc_timer, fs_type;
+type proc_tty_drivers, fs_type;
 type proc_uid_cputime_showstat, fs_type;
 type proc_uid_cputime_removeuid, fs_type;
 type proc_zoneinfo, fs_type;

--- a/public/untrusted_app.te
+++ b/public/untrusted_app.te
@@ -97,6 +97,12 @@ allow untrusted_app sysfs_hwrandom:file r_file_perms;
 allow untrusted_app preloads_data_file:dir r_dir_perms;
 allow untrusted_app preloads_data_file:file r_file_perms;

+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+allow untrusted_app proc_tty_drivers:file r_file_perms;
+
 ###
 ### neverallow rules
 ###