Just to clarify: when you say that untrusted_app is able to access the db, do
you mean the database file itself, or via the exposed content provider
interface?

In the case of a content provider, you need to use existing Android
permissions or use the SELinux check access API to implement your own custom
checks. However, the latter assumes you have control over the policy.

On Apr 3, 2015 7:22 AM, "Datta, Souvik" <[email protected]> wrote:

> Hi,
>
> I am running on Android 4.4.4 and have two processes. The security contexts
> of both processes are:
>
> com.example.contentproviderexample having security context -->
> u:r:hm_phonebookaccess_app:s0
> com.example.contentprovideruser having security context -->
> u:r:untrusted_app:s0
>
>
> com.example.contentproviderexample is a content provider and the database
> which has security context as -
>
> mydb --> u:object_r:hm_phonebookaccess_data_file:s0
> mydb-journal --> u:object_r:hm_phonebookaccess_data_file:s0
>
> The above security context has been set using following rule -
>
> type hm_phonebookaccess_app, domain;
> app_domain(hm_phonebookaccess_app)
> allow hm_phonebookaccess_app dalvikcache_data_file:file { write setattr };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file { read getattr open };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir setattr;
> allow hm_phonebookaccess_app zygote:unix_stream_socket { getopt getattr };
> allow hm_phonebookaccess_app apk_data_file:dir getattr;
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir { write create add_name };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file { write create setattr };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir search;
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir { read open };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file lock;
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir remove_name;
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file unlink;
> allow installd hm_phonebookaccess_data_file:lnk_file create;
>
>
> At run time, I am making setenforce as 1.
>
> My aim is to prevent any process which belongs to domain-->untrusted_app
> from accessing the database which belongs to the
> domain-u:r:hm_phonebookaccess_app:s0
>
> NOTE: The content provider is exported as true.
>
> In the seapp_contexts, following entry has been made :-
>
> user=_app domain=hm_phonebookaccess_app name=com.example.contentproviderexample type=hm_phonebookaccess_data_file
>
> My observation is that in enforcement mode, the process
> "com.example.contentprovideruser" is able to access the database.
>
> Is there any way I can prevent "untrusted_app" domain from accessing that
> database?
>
> Thanks and Regards,
> Souvik
> _______________________________________________
> Seandroid-list mailing list
> [email protected]
> To unsubscribe, send email to [email protected].
> To get help, send an email containing "help" to
> [email protected].
>
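
The custom-check option mentioned in the reply, as an added example that is not code from either poster: the provider asks SELinux whether the Binder caller's domain would be allowed the matching `file` permission on the database's type, so requests arriving through the exported interface get the same answer the kernel gives for direct file access. Assumptions: the app is built in the platform tree (`android.os.SELinux` is a hidden API), the policy has no `allow untrusted_app hm_phonebookaccess_data_file:file` rule, and the class name `PhonebookProvider` and table `contacts` are hypothetical.

```java
import android.content.ContentProvider;
import android.content.ContentValues;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;
import android.net.Uri;
import android.os.Binder;
import android.os.SELinux; // @hide: assumes a platform build

public class PhonebookProvider extends ContentProvider { // hypothetical class name
    // Label of mydb as given in the thread.
    private static final String DB_CON = "u:object_r:hm_phonebookaccess_data_file:s0";
    private static final String TABLE = "contacts"; // hypothetical table
    private SQLiteOpenHelper helper;

    // Ask policy whether the Binder caller's domain holds `perm` on the db file type.
    private void enforce(String perm) {
        int pid = Binder.getCallingPid();         // our own pid for in-process calls
        String scon = SELinux.getPidContext(pid); // e.g. u:r:untrusted_app:s0
        if (!SELinux.isSELinuxEnforced() || scon == null
                || !SELinux.checkSELinuxAccess(scon, DB_CON, "file", perm)) {
            throw new SecurityException("denied " + perm + " to pid " + pid + " (" + scon + ")");
        }
    }
    @Override public boolean onCreate() {
        helper = new SQLiteOpenHelper(getContext(), "mydb", null, 1) {
            @Override public void onCreate(SQLiteDatabase db) {
                db.execSQL("CREATE TABLE " + TABLE + " (_id INTEGER PRIMARY KEY, name TEXT)");
            }
            @Override public void onUpgrade(SQLiteDatabase db, int from, int to) { }
        };
        return true;
    }
    @Override public Cursor query(Uri u, String[] cols, String sel, String[] args, String sort) {
        enforce("read");
        return helper.getReadableDatabase().query(TABLE, cols, sel, args, null, null, sort);
    }
    @Override public Uri insert(Uri u, ContentValues v) {
        enforce("write");
        return Uri.withAppendedPath(u, String.valueOf(helper.getWritableDatabase().insert(TABLE, null, v)));
    }
    @Override public int update(Uri u, ContentValues v, String sel, String[] args) {
        enforce("write"); return helper.getWritableDatabase().update(TABLE, v, sel, args);
    }
    @Override public int delete(Uri u, String sel, String[] args) {
        enforce("write"); return helper.getWritableDatabase().delete(TABLE, sel, args);
    }
    @Override public String getType(Uri u) { return null; }
}
```

The check fails closed when the device is not enforcing or the caller's context cannot be read. The caller is identified by PID, which can be reused after a process exits.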