Merge "mediaextractor: ensure no direct open()s"

am: e22e99a6 Change-Id: I7e345f52865c834bada137d773cbcd869825946c

Merge "mediaextractor: ensure no direct open()s"
ea17be60 · Nick Kralevich · android-build-merger · 89185f5a · e22e99a6 · ea17be60
Commit ea17be60 authored 7 years ago by Nick Kralevich Committed by android-build-merger 7 years ago
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -53,3 +53,11 @@ neverallow mediaextractor { file_type fs_type }:file execute_no_trans;
 # Lengthier explanation here:
 # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
 neverallow mediaextractor domain:{ tcp_socket udp_socket rawip_socket } *;
+# mediaextractor should not be opening /data files directly. Any files
+# it touches (with a few exceptions) need to be passed to it via a file
+# descriptor opened outside the process.
+neverallow mediaextractor {
+  data_file_type
+  -zoneinfo_data_file # time zone data from /data/misc/zoneinfo
+}:file open;