#
# Domains for apps that do not run with one of the predefined
# platform UIDs (system, radio, nfc, ...).
#

#
# Trusted apps.
#
# trusted_app gets the common app rules plus unconditional network and
# bluetooth access; the extra rules below are each scoped to one target type.
type trusted_app, domain;
app_domain(trusted_app)
# Access the network.
net_domain(trusted_app)
# Access bluetooth.
bluetooth_domain(trusted_app)
# Read logs. Read-only: only the read permission on the log device is granted.
allow trusted_app log_device:chr_file read;
# Access /dev/mtp_usb.
# XXX Split android.process.media into a separate domain?
allow trusted_app mtp_device:chr_file rw_file_perms;
# Write to /cache.
allow trusted_app cache_file:dir rw_dir_perms;
allow trusted_app cache_file:file create_file_perms;
# Read from /data/local.
# Read-only: search on the directory, open/getattr/read on files and read on
# symlinks; no write or create permission on shell_data_file.
allow trusted_app shell_data_file:dir search;
allow trusted_app shell_data_file:file { open getattr read };
allow trusted_app shell_data_file:lnk_file read;
# Access the sdcard.
allow trusted_app sdcard:dir create_dir_perms;
allow trusted_app sdcard:file create_file_perms;
# Populate /data/app/vmdl*.tmp file created by system server.
# Only read/write on the existing file; creation stays with system server.
allow trusted_app apk_tmp_file:file rw_file_perms;

#
# An example of a specific domain for a specific app.
# A domain for com.android.browser.
# Within this file browser_app receives only the common app rules and
# network access; none of the trusted_app-specific rules above apply to it.
type browser_app, domain;
app_domain(browser_app)
# Access the network.
net_domain(browser_app)

#
# Untrusted apps.
#
type untrusted_app, domain;
app_domain(untrusted_app)
# Boolean-controlled options for untrusted apps.
# Each option is an SELinux boolean, so it can be toggled at runtime without
# reloading the policy; the value given here is the default.
# Network access.
bool app_network true;
if (app_network) {
# Cannot use net_domain within a conditional - type attribute.
# These rules hand-expand what net_domain would grant: every permission ('*')
# on the app's own TCP/UDP sockets, connect to any port_type, bind to any
# node_type, and bind to any port_type for both UDP and TCP.
allow untrusted_app self:{ tcp_socket udp_socket } *;
allow untrusted_app port_type:tcp_socket name_connect;
allow untrusted_app node_type:{ tcp_socket udp_socket } node_bind;
allow untrusted_app port_type:udp_socket name_bind;
allow untrusted_app port_type:tcp_socket name_bind;
# Connect to the dnsproxyd unix socket served by netd (presumably for DNS
# resolution; confirm against the netd policy).
unix_socket_connect(untrusted_app, dnsproxyd, netd)
}
# Bluetooth access.
# Off by default.
bool app_bluetooth false;
if (app_bluetooth) {
# No specific SELinux class for bluetooth sockets presently.
# Consequently this grants every permission on the generic 'socket' class,
# which is broader than bluetooth alone.
allow untrusted_app self:socket *;
}
# SDCard rw access.
# On by default.
bool app_sdcard_rw true;
if (app_sdcard_rw) {
allow untrusted_app sdcard:dir create_dir_perms;
allow untrusted_app sdcard:file create_file_perms;
}
# Native app support.
# Off by default. Enabling it lets an untrusted app execute files in its own
# data directory, which appdomain rules below also let it create and write,
# i.e. writable and executable storage in the same domain.
bool app_ndk false;
if (app_ndk) {
allow untrusted_app app_data_file:file execute;
}

#
# Rules for all app domains.
#
# appdomain is the attribute shared by trusted_app, browser_app and
# untrusted_app (via app_domain), so every rule here applies to all of them.

# Receive and use open file descriptors inherited from zygote.
allow appdomain zygote:fd use;

# Read system properties managed by zygote.
allow appdomain zygote_tmpfs:file read;

# Notify zygote of death.
allow appdomain zygote:process sigchld;

# Communicate over a FIFO to system processes.
allow appdomain system:fifo_file rw_file_perms;

# App sandbox file accesses.
# Full create/read/write on the app's own data directory and on every
# non-device file class within it.
allow appdomain app_data_file:dir create_dir_perms;
allow appdomain app_data_file:notdevfile_class_set create_file_perms;

# lib subdirectory of /data/data dir is system-owned.
# Read-only directory access; no write permission on system_data_file.
allow appdomain system_data_file:dir r_dir_perms;

# Read/write wallpaper file (opened by system).
# No 'open' permission: the app can only use a descriptor passed to it.
allow appdomain wallpaper_file:file { read write };

# Write to /data/anr/traces.txt.
# Append-only: open and append are granted, not read, write or truncate.
allow appdomain anr_data_file:dir search;
allow appdomain anr_data_file:file { open append };

# Use the Binder.
binder_use(appdomain)
# Perform binder IPC to binder services.
binder_call(appdomain, binderservicedomain)
binder_transfer(appdomain, binderservicedomain)
# Perform binder IPC to other apps.
# Any app domain may call and transfer binder references to any other.
binder_call(appdomain, appdomain)
binder_transfer(appdomain, appdomain)
