On Fri, 2017-02-10 at 16:44 +0000, Roberts, William C wrote:
> Bump, anyone have any feedback?
>  
> From: Roberts, William C 
> Sent: Wednesday, February 8, 2017 10:45 AM
> To: seandroid-list@tycho.nsa.gov
> Subject: Using non-native executables from native services
>  
> If a native service wishes to execute a non-native tool, like AM, it
> would require being able to execute the dalvikcache_data_file for
> that. However, doing so hits my neverallow:
>  
> #
> # Assert that, to the extent possible, we're not loading executable content from
> # outside the rootfs or /system partition except for a few whitelisted domains.
> #
> neverallow {
>     domain
>     -appdomain
>     -dumpstate
>     -shell
>     userdebug_or_eng(`-su')
>     -system_server
>     -webview_zygote
>     -zygote
> } { file_type -system_file -exec_type -postinstall_file }:file execute;
> neverallow {
>     domain
>     -appdomain # for oemfs
>     -recovery # for /tmp/update_binary in tmpfs
> } { fs_type -rootfs }:file execute;
>  
> Before, I would just typeattribute the service into appdomain, which
> obviously has some non-desirable consequences since it was not a full
> app. This new neverallow precludes that:
>  
> # Only domains spawned from zygote and runas may have the appdomain attribute.
> neverallow { domain -runas -webview_zygote -zygote } {
>   appdomain -shell userdebug_or_eng(`-su') -bluetooth
> }:process { transition dyntransition };
>  
> What’s the best answer for this? In my particular case they wish to
> send a broadcast from their native service, should they just use some
> native broadcast API?

I agree that would be better.  Maybe that's a question for android-
platform or one of the other android groups as to what is the
recommended way to perform such things from native services.
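
To make the conflict in the quoted message concrete, the following added example (not from the thread and not AOSP code) evaluates the two quoted neverallow rules over a constructed attribute map. The names `native_svc` and `native_svc_exec` and the attribute memberships are hypothetical, and the rules are modelled as on a user build where `userdebug_or_eng` expands to nothing.

```python
# The two quoted neverallows, as on a user build (userdebug_or_eng expands to nothing).
NEVERALLOWS = [
    ("{ domain -appdomain -dumpstate -shell -system_server -webview_zygote -zygote }",
     "{ file_type -system_file -exec_type -postinstall_file }", "file", {"execute"}),
    ("{ domain -runas -webview_zygote -zygote }",
     "{ appdomain -shell -bluetooth }", "process", {"transition", "dyntransition"}),
]

def base_attrs():
    # Constructed membership (assumption, not a policy dump); native_svc* are hypothetical.
    return {
        "domain": {"init", "native_svc", "untrusted_app", "shell", "zygote"},
        "appdomain": {"untrusted_app", "shell"},
        "file_type": {"system_file", "dalvikcache_data_file", "native_svc_exec"},
        "exec_type": {"native_svc_exec"},
    }

def expand(expr, attrs):
    """Expand '{ a -b }': union the positive names, then subtract the negated ones."""
    pos, neg = set(), set()
    for tok in expr.strip("{} ").split():
        name = tok.lstrip("-")
        members = attrs.get(name, {name})  # attribute -> member types, else one type
        (neg if tok.startswith("-") else pos).update(members)
    return pos - neg

def violations(allows, attrs):
    """Return each (source, target, class, perm) that an allow grants and a neverallow forbids."""
    hits = []
    for src, tgt, cls, perms in allows:
        for n_src, n_tgt, n_cls, n_perms in NEVERALLOWS:
            if cls == n_cls and src in expand(n_src, attrs) and tgt in expand(n_tgt, attrs):
                hits += [(src, tgt, cls, p) for p in sorted(perms & n_perms)]
    return hits

# Constructed allows: init starts the service; the service runs dalvik-cache code.
ALLOWS = [
    ("init", "native_svc", "process", {"transition"}),
    ("native_svc", "dalvikcache_data_file", "file", {"read", "execute"}),
]

def as_plain_domain():
    return violations(ALLOWS, base_attrs())

def as_appdomain():
    attrs = base_attrs()
    attrs["appdomain"].add("native_svc")  # the old typeattribute workaround
    return violations(ALLOWS, attrs)
```

As a plain domain the service trips the execute neverallow; adding it to `appdomain` clears that hit but makes the transition from init a violation of the second rule.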
