Commit 09859373 authored by Jeff Vander Stoep

Pass privapp specifier for selinux labeling

Allow privileged apps to run in their own priv_app domain.

Motivation:
Untrusted_app is overprivileged due to the inclusion of privileged
apps like gmscore, play store and finsky. Moving these and other
privileged apps to their own domain reduces the permissions required
by untrusted_app.

A separate priv_app domain also protects priv-apps by further
isolating them from third party apps.

Bug: 22033466
Change-Id: I8e6ae5677c5a978301c453d0aa51ebed4459f5a0
parent 1ca9f481
+6 −0
@@ -100,6 +100,9 @@ public final class SELinuxMMAC {
    private static final String SEAPP_HASH_FILE =
            Environment.getDataDirectory().toString() + "/system/seapp_hash";

    // Append privapp to existing seinfo label
    private static final String PRIVILEGED_APP_STR = ":privapp";

    /**
     * Load the mac_permissions.xml file containing all seinfo assignments used to
     * label apps. The loaded mac_permissions.xml file is determined by the
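
Review bot: The comment on PRIVILEGED_APP_STR says what is done with the constant, not what the resulting label looks like or what depends on it. Since ":privapp" becomes part of the seinfo string used for labeling, document the resulting format (the existing seinfo followed by ":privapp") and note that the suffix and its ":" delimiter have to stay in sync with whatever parses seinfo, so that a later rename here does not silently change how privileged apps are labeled.
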
@@ -313,6 +316,9 @@ public final class SELinuxMMAC {
            }
        }

        if (pkg.applicationInfo.isPrivilegedApp())
            pkg.applicationInfo.seinfo += PRIVILEGED_APP_STR;

        if (DEBUG_POLICY_INSTALL) {
            Slog.i(TAG, "package (" + pkg.packageName + ") labeled with " +
                    "seinfo=" + pkg.applicationInfo.seinfo);
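
Review bot: The append in `pkg.applicationInfo.seinfo += PRIVILEGED_APP_STR;` is unguarded. If seinfo is null at this point, Java string concatenation yields "null:privapp", and if this path runs again on a pkg whose seinfo already carries the suffix, the label ends in ":privapp:privapp". The visible lines do not show seinfo being assigned unconditionally before this statement, so either confirm that it is or guard the append. The new `if` also omits braces while the neighbouring `if (DEBUG_POLICY_INSTALL) {` uses them; add braces so a later second statement cannot end up outside the privileged-app condition.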