Hello Stephen,

I am using Android 4.4.4 which is distributed by a Silicon Vendor for the embedded target that I am working on. I went ahead and modified <build>/external/sepolicy/untrusted_app.te file by commenting out #permissive untrusted_app; and then did a build. But this did not have any effect. In other words, the process belonging to untrusted_app domain could still access the database (u:object_r:hm_phonebookaccess_data_file:s0).

Is there any other way this can be handled, other than moving to a different version of SEAndroid?

Thanks.

________________________________________
From: Stephen Smalley [[email protected]]
Sent: Friday, April 03, 2015 6:09 PM
To: Datta, Souvik; [email protected]
Subject: Re: Preventing untrusted_app domain from accessing database

On 04/03/2015 07:18 AM, Datta, Souvik wrote:
> Hi,
>
> I am running on Android 4.4.4 and have two processes. The security context of
> both the processes are :-
>
> com.example.contentproviderexample having security context --> u:r:hm_phonebookaccess_app:s0
> com.example.contentprovideruser having security context --> u:r:untrusted_app:s0
>
> com.example.contentproviderexample is a content provider and the database
> which has security context as -
>
> mydb --> u:object_r:hm_phonebookaccess_data_file:s0
> mydb-journal --> u:object_r:hm_phonebookaccess_data_file:s0
>
> The above security context has been set using following rule -
>
> type hm_phonebookaccess_app, domain;
> app_domain(hm_phonebookaccess_app)
> allow hm_phonebookaccess_app dalvikcache_data_file:file { write setattr };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file { read getattr open };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir setattr;
> allow hm_phonebookaccess_app zygote:unix_stream_socket { getopt getattr };
> allow hm_phonebookaccess_app apk_data_file:dir getattr;
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir { write create add_name };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file { write create setattr };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir search;
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir { read open };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file lock;
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir remove_name;
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file unlink;
> allow installd hm_phonebookaccess_data_file:lnk_file create;
>
> At run time, I am making setenforce as 1.
>
> My aim is to prevent any process which belongs to domain-->untrusted_app from
> accessing the database which belongs to the
> domain-u:r:hm_phonebookaccess_app:s0
>
> NOTE: The content provider is exported as true.
>
> In the seapp_contexts, following entry has been made :-
>
> user=_app domain=hm_phonebookaccess_app name=com.example.contentproviderexample type=hm_phonebookaccess_data_file
>
> My observation is that in enforcement mode, the process
> "com.example.contentprovideruser" is able to access the database.
>
> Is there any way I can prevent "untrusted_app" domain from accessing that
> database?

Are you using vanilla 4.4.4 or our seandroid-4.4.4 branches? The former would have permissive untrusted_app; and therefore untrusted_app would be unrestricted by SELinux. Our seandroid-4.4.4 branches have it enforcing, so that's a better starting point if you want to restrict untrusted_app, but we are no longer maintaining those branches as 5.x is available.
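
An added example, not part of the original thread and not SEAndroid project code: a source-level check, in Python, that reports whether a domain is still declared permissive in policy text and which source domains have direct allow rules on a given type. The sample policy is constructed from the rules quoted in the thread; the function names are hypothetical, and macros such as app_domain() and attributes are not expanded.

```python
import re

# Constructed sample: the poster's edited untrusted_app.te line plus
# rules quoted in the thread (one wrapped across lines, as in the mail).
SAMPLE_POLICY = """\
type untrusted_app, domain;
#permissive untrusted_app;
type hm_phonebookaccess_app, domain;
app_domain(hm_phonebookaccess_app)
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file { read getattr
    open };
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir { write create add_name };
allow hm_phonebookaccess_app zygote:unix_stream_socket { getopt getattr };
allow installd hm_phonebookaccess_data_file:lnk_file create;
"""

# One token is either a brace set "{ a b }" or a single name.
_TOK = r"(\{[^}]*\}|[^\s:;{}]+)"
# \b keeps neverallow/auditallow from matching as allow.
ALLOW_RE = re.compile(r"\ballow\s+%s\s+%s\s*:\s*%s\s+%s\s*;" % ((_TOK,) * 4))
PERMISSIVE_RE = re.compile(r"^\s*permissive\s+(\w+)\s*;", re.M)

def strip_comments(text):
    """Drop '#' comments so a commented-out statement is not counted."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def names(token):
    """Turn '{ a b }' or 'a' into a list of names."""
    return token.strip("{}").split()

def permissive_domains(text):
    """Domains with an active (uncommented) permissive statement."""
    return set(PERMISSIVE_RE.findall(strip_comments(text)))

def sources_for_type(text, target_type):
    """Map source domain -> {class: perms} for allow rules naming target_type."""
    found = {}
    for src, tgt, cls, perms in ALLOW_RE.findall(strip_comments(text)):
        if target_type in names(tgt):
            for s in names(src):
                for c in names(cls):
                    found.setdefault(s, {}).setdefault(c, set()).update(names(perms))
    return found

def audit(text, domain, target_type):
    """Source-level view: is `domain` permissive, and what is it directly allowed?"""
    return {"permissive": domain in permissive_domains(text),
            "direct_allow": sources_for_type(text, target_type).get(domain, {})}

if __name__ == "__main__":
    print(audit(SAMPLE_POLICY, "untrusted_app", "hm_phonebookaccess_data_file"))
```

The result describes only the source text scanned; rules contributed by macros or attributes have to be checked against the compiled policy.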
