Further restrict access to tun_device

Remove bluetooth's access to tun_device. Auditallow rule demonstrates that it's not used. Strengthen the neverallow on opening tun_device to include all Apps. Bug: 24744295 Change-Id: Iba85ba016b1e24c6c12d5b33e46fe8232908aac1

Further restrict access to tun_device
e555f4b9 · Jeff Vander Stoep · 4367cf2d · e555f4b9 · e555f4b9 · e555f4b9
Commit e555f4b9 authored 9 years ago by Jeff Vander Stoep
--- a/app.te
+++ b/app.te
@@ -396,3 +396,6 @@ neverallow appdomain {
  security_file
  tmpfs
 }:lnk_file no_w_file_perms;
+# Do not allow Apps to directly open tun_device
+neverallow appdomain tun_device:chr_file open;
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -16,12 +16,7 @@ allow bluetooth bluetooth_socket:sock_file create_file_perms;
 # bluetooth factory file accesses.
 r_dir_file(bluetooth, bluetooth_efs_file)
-# TODO why does bluetooth require access to tun_device? If not,
+allow bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
-# remove access and tighten down neverallow rule so that appdomain is
-# not allowed to open (as opposed to just untrusted_app)
-# Device accesses. b/24744295
-allow bluetooth { tun_device uhid_device hci_attach_dev }:chr_file rw_file_perms;
-auditallow bluetooth tun_device:chr_file rw_file_perms;
 # sysfs access.
 allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;

--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -145,9 +145,6 @@ neverallow untrusted_app file_type:file link;
 # Do not allow untrusted_app to access network MAC address file
 neverallow untrusted_app sysfs_mac_address:file no_rw_file_perms;
-# Do not allow untrusted app to directly open tun_device
-neverallow untrusted_app tun_device:chr_file open;
 # Do not allow untrusted_app access to /cache
 neverallow untrusted_app cache_file:dir ~{ r_dir_perms };
 neverallow untrusted_app cache_file:file ~{ read getattr };