I meant untrusted_app is able to access the database through content provider interface. But at the same time, would my policy rule prevent untrusted_app from accessing the db file even if I make it "world readable"?

Can you also please explain your statement - "However the latter assumes you have control over the policy"
Thanks.

________________________________________
From: William Roberts [[email protected]]
Sent: Friday, April 03, 2015 5:32 PM
To: Datta, Souvik
Cc: [email protected]
Subject: Re: Preventing untrusted_app domain from accessing database

Just to clarify when you say that untrusted_app is able to access the db do you mean the database file itself, or via the exposed content provider interface?

In the case of content provider you need to use existing android permissions or use SELinux check access api to implement your own custom checks. However the latter assumes you have control over the policy.

On Apr 3, 2015 7:22 AM, "Datta, Souvik" <[email protected]> wrote:

Hi,

I am running on Android 4.4.4 and have two processes. The security context of both the processes are :-

com.example.contentproviderexample having security context --> u:r:hm_phonebookaccess_app:s0
com.example.contentprovideruser having security context --> u:r:untrusted_app:s0

com.example.contentproviderexample is a content provider and the database which has security context as -

mydb --> u:object_r:hm_phonebookaccess_data_file:s0
mydb-journal --> u:object_r:hm_phonebookaccess_data_file:s0

The above security context has been set using following rule -

type hm_phonebookaccess_app, domain;
app_domain(hm_phonebookaccess_app)
allow hm_phonebookaccess_app dalvikcache_data_file:file { write setattr };
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file { read getattr open };
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir setattr;
allow hm_phonebookaccess_app zygote:unix_stream_socket { getopt getattr };
allow hm_phonebookaccess_app apk_data_file:dir getattr;
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir { write create add_name };
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file { write create setattr };
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir search;
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir { read open };
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file lock;
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir remove_name;
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file unlink;
allow installd hm_phonebookaccess_data_file:lnk_file create;

At run time, I am making setenforce as 1.

My aim is to prevent any process which belongs to domain-->untrusted_app from accessing the database which belongs to the domain-u:r:hm_phonebookaccess_app:s0

NOTE: The content provider is exported as true.

In the seapp_contexts, following entry has been made :-

user=_app domain=hm_phonebookaccess_app name=com.example.contentproviderexample type=hm_phonebookaccess_data_file

My observation is that in enforcement mode, the process "com.example.contentprovideruser" is able to access the database.

Is there any way I can prevent "untrusted_app" domain from accessing that database?

Thanks and Regards,
Souvik

_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to [email protected].
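An added example, not part of the thread or of any poster's policy: a small Python audit of the allow rules quoted in the original post, listing which source domains are granted permissions on hm_phonebookaccess_data_file and checking a neverallow-style assertion for untrusted_app. It sees only the literal rules from the post (anything contributed by app_domain() or the base policy is outside its view), and the function names are this example's own.

```python
import re
from collections import defaultdict

# The allow rules quoted in the post. Rules added by app_domain() and the
# base Android policy are NOT included here (assumption of this example).
POLICY = """
allow hm_phonebookaccess_app dalvikcache_data_file:file { write setattr };
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file { read getattr open };
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir setattr;
allow hm_phonebookaccess_app zygote:unix_stream_socket { getopt getattr };
allow hm_phonebookaccess_app apk_data_file:dir getattr;
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir { write create add_name };
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file { write create setattr };
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir search;
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir { read open };
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file lock;
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir remove_name;
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file unlink;
allow installd hm_phonebookaccess_data_file:lnk_file create;
"""

# allow <source> <target>:<class> <perm | { perm ... }>;
RULE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+)\s*;")

def parse_allow_rules(text):
    """Merge allow rules into {(source, target, class): set(perms)}."""
    av = defaultdict(set)
    for src, tgt, cls, perms in RULE.findall(text):
        av[(src, tgt, cls)].update(perms.strip("{} ").split())
    return av

def granted(av, src, tgt, cls):
    """Permissions the parsed rules give src on tgt:cls (empty set if none)."""
    return av.get((src, tgt, cls), set())

def neverallow_violations(av, src, tgt, cls, perms):
    """Subset of perms that some allow rule grants to src on tgt:cls."""
    return granted(av, src, tgt, cls) & set(perms)

def domains_with_access(av, tgt, cls):
    """Source domains holding at least one permission on tgt:cls."""
    return sorted({s for (s, t, c), p in av.items() if t == tgt and c == cls and p})

if __name__ == "__main__":
    av = parse_allow_rules(POLICY)
    print(domains_with_access(av, "hm_phonebookaccess_data_file", "file"))
    print(neverallow_violations(av, "untrusted_app", "hm_phonebookaccess_data_file",
                                "file", ["read", "write", "open"]))
```

Queries that reach the database through the content provider are served by the provider's own process, so file rules for untrusted_app do not decide that path.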
