From e427a2b2beb0e3e1eb6e93227a10f3f4d840e440 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 4 Jan 2017 08:43:09 -0800
Subject: [PATCH] untrusted_app: allow access to /proc/tty/drivers

/proc/tty/drivers is read by applications to figure out if they are running in an emulated environment. Specifically, they look for the string "goldfish" within that file. Arguably this is not an Android API, and really shouldn't be exposed to applications, but: 1) A largish number of applications break if they can't read this file; 2) The information here isn't particularly sensitive While we could spend a bunch of time trying to get applications fixed, there are bigger fish to fry. It's not worth the battle.
Test: "ls -laZ /proc/tty/drivers" is labeled properly.
Bug: 33214085
Bug: 33814662
Bug: 33791054
Bug: 33211769
Bug: 26813932
Change-Id: Icc05bdc1c917547a6dca7d76636a1009369bde49
---
 private/genfs_contexts | 1 +
 public/file.te | 1 +
 public/untrusted_app.te | 6 ++++++
 3 files changed, 8 insertions(+)
diff --git a/private/genfs_contexts b/private/genfs_contexts
index bb2fea90b..f7016851d 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -29,6 +29,7 @@ genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
 genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
 genfscon proc /timer_list u:object_r:proc_timer:s0
 genfscon proc /timer_stats u:object_r:proc_timer:s0
+genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
 genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
 genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
 genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
diff --git a/public/file.te b/public/file.te
index 66680e67a..6184eef0c 100644
--- a/public/file.te
+++ b/public/file.te
@@ -20,6 +20,7 @@ type proc_net, fs_type;
 type proc_stat, fs_type;
 type proc_sysrq, fs_type;
 type proc_timer, fs_type;
+type proc_tty_drivers, fs_type;
 type proc_uid_cputime_showstat, fs_type;
 type proc_uid_cputime_removeuid, fs_type;
 type proc_zoneinfo, fs_type;
diff --git a/public/untrusted_app.te b/public/untrusted_app.te
index 48662f3d9..827334287 100644
--- a/public/untrusted_app.te
+++ b/public/untrusted_app.te
@@ -97,6 +97,12 @@ allow untrusted_app sysfs_hwrandom:file r_file_perms;
 allow untrusted_app preloads_data_file:dir r_dir_perms;
 allow untrusted_app preloads_data_file:file r_file_perms;
 
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+allow untrusted_app proc_tty_drivers:file r_file_perms;
+
 ###
 ### neverallow rules
 ###
-- GitLab
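Review bot: The new `allow untrusted_app proc_tty_drivers:file r_file_perms;` in public/untrusted_app.te grants access to a single domain, while the `genfscon proc /tty/drivers` entry in private/genfs_contexts changes the label of the file for every domain. Any other domain that read this file through its previous label (presumably the generic `proc` type; the earlier entry is not visible in this patch) would now be denied, so it is worth checking audit logs for `proc_tty_drivers` denials from the remaining app and system domains once this lands. The comment above the rule explains the motivation but not the status of the grant; I would add a line such as `# Compatibility exception, not an API: read-only, do not widen.` so later edits do not treat it as precedent for exposing further /proc entries. Since the file is read for emulator detection, dynamic-analysis environments should expect this check to keep working for third-party apps. The rest of untrusted_app.te, including the neverallow section that follows, lies outside the hunk.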