>>As to whether or not it makes sense to allow the second one for all apps, it
>>depends on whether it is legitimate for all apps to be clients of the
>>bluetooth app. If so, then yes, you could generalize the rule.
>>However, doing so is counter to least privilege, and for system UID apps in
>>particular, we want to limit their exposure and potential for misuse since
>>they are privileged.
But since untrusted apps have the access , is it not safe enough to allow it
for system apps as well ??
If not making it generic , we can add the following in system app
bluetooth_domain(system_app)
Else
allow { appdomain -isolated_app -su -shell -shared_relro -nfc }
bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown
};
Thanks.
-----Original Message-----
From: Stephen Smalley [mailto:[email protected]]
Sent: Tuesday, May 24, 2016 2:07 AM
To: Inamdar Sharif; [email protected]
Subject: Re: Make bluetooth access generic for appdomains.
On 05/23/2016 02:53 AM, Inamdar Sharif wrote:
> Hi Guys,
>
>
>
> While going through the policies I came across the following two changes :
>
>
>
> 1) In platform_app.te
>
> bluetooth_domain(platform_app)
>
>
>
> 2) In untrusted_app.te
>
> bluetooth_domain(untrusted_app)
>
>
>
> Since both platform and untrusted apps have this capability, is there
> any reason why system apps don’t have this??
>
>
>
> Can we not make it generic by adding the below in app.te:
>
> allow appdomain self:socket create_socket_perms;
>
> allow appdomain bluetooth:unix_stream_socket { getopt setopt getattr
> read write ioctl shutdown };
The first rule has been removed from AOSP policy; it seemed to be a leftover of
the older Android bluetooth implementation. So you shouldn't need that one.
As to whether or not it makes sense to allow the second one for all apps, it
depends on whether it is legitimate for all apps to be clients of the bluetooth
app. If so, then yes, you could generalize the rule.
However, doing so is counter to least privilege, and for system UID apps in
particular, we want to limit their exposure and potential for misuse since they
are privileged.
-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may
contain
confidential information. Any unauthorized review, use, disclosure or
distribution
is prohibited. If you are not the intended recipient, please contact the
sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
