On 04/03/2015 07:18 AM, Datta, Souvik wrote:
> Hi,
>
> I am running on Android 4.4.4 and have two processes. The security contexts of
> both processes are:
>
> com.example.contentproviderexample having security context -->
> u:r:hm_phonebookaccess_app:s0
> com.example.contentprovideruser having security context -->
> u:r:untrusted_app:s0
>
>
> com.example.contentproviderexample is a content provider, and the database
> has the following security contexts:
>
> mydb --> u:object_r:hm_phonebookaccess_data_file:s0
> mydb-journal --> u:object_r:hm_phonebookaccess_data_file:s0
>
> The above security context has been set using the following rules:
>
> type hm_phonebookaccess_app, domain;
> app_domain(hm_phonebookaccess_app)
> allow hm_phonebookaccess_app dalvikcache_data_file:file { write setattr };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file { read getattr
> open };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir setattr;
> allow hm_phonebookaccess_app zygote:unix_stream_socket { getopt getattr };
> allow hm_phonebookaccess_app apk_data_file:dir getattr;
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir { write create
> add_name };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file { write create
> setattr };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir search;
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir { read open };
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file lock;
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir remove_name;
> allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file unlink;
> allow installd hm_phonebookaccess_data_file:lnk_file create;
>
>
> At run time, I am setting setenforce to 1.
>
> My aim is to prevent any process which belongs to domain-->untrusted_app from
> accessing the database which belongs to the
> domain-u:r:hm_phonebookaccess_app:s0
>
> NOTE: The content provider is exported as true.
>
> In seapp_contexts, the following entry has been made:
>
> user=_app domain=hm_phonebookaccess_app name=com.example.contentproviderexample type=hm_phonebookaccess_data_file
>
> My observation is that in enforcement mode, the process
> "com.example.contentprovideruser" is able to access the database.
>
> Is there any way I can prevent "untrusted_app" domain from accessing that
> database?

Are you using vanilla 4.4.4 or our seandroid-4.4.4 branches? The former
would have permissive untrusted_app; and therefore untrusted_app would
be unrestricted by SELinux. Our seandroid-4.4.4 branches have it
enforcing, so that's a better starting point if you want to restrict
untrusted_app, but we are no longer maintaining those branches as 5.x is
available.
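
The distinction the reply draws, as an added example that is not part of the original thread: a simplified Python model of how an access check resolves when the source domain is marked permissive, even with `setenforce 1`. The sample policy is constructed from the rules quoted above, the parser ignores macros and attributes, and the `permissive untrusted_app;` line and the `decide` helper are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the rules quoted in the thread. The
# "permissive untrusted_app;" line is an assumption standing in for the
# vanilla 4.4.4 behaviour the reply describes.
SAMPLE_POLICY = """
type hm_phonebookaccess_app, domain;
type untrusted_app, domain;
permissive untrusted_app;  # per-domain permissive
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:file { read getattr
open };
allow hm_phonebookaccess_app hm_phonebookaccess_data_file:dir search;
"""

ALLOW = re.compile(r"allow (\S+) (\S+):(\S+) (?:\{([^}]*)\}|(\S+))")


def parse(policy):
    """Return (permissive domains, {(source, target, class): perms})."""
    text = re.sub(r"#.*", "", policy)  # drop comments
    permissive, allows = set(), {}
    for stmt in text.split(";"):
        stmt = " ".join(stmt.split())  # rejoin rules wrapped by the mailer
        if stmt.startswith("permissive "):
            permissive.add(stmt.split()[1])
        m = ALLOW.fullmatch(stmt)
        if m:
            src, tgt, cls, braced, single = m.groups()
            perms = (braced or single or "").split()
            allows.setdefault((src, tgt, cls), set()).update(perms)
    return permissive, allows


def decide(policy, src, tgt, cls, perm, enforcing=True):
    """Model the outcome of one access check (hypothetical helper)."""
    permissive, allows = parse(policy)
    if perm in allows.get((src, tgt, cls), set()):
        return "allowed"
    # No allow rule: the denial is only enforced when the system is
    # enforcing AND the source domain is not marked permissive.
    if not enforcing or src in permissive:
        return "logged-not-blocked"
    return "denied"


if __name__ == "__main__":
    args = ("hm_phonebookaccess_data_file", "file", "read")
    print(decide(SAMPLE_POLICY, "untrusted_app", *args))
    enforced = SAMPLE_POLICY.replace("permissive untrusted_app;", "")
    print(decide(enforced, "untrusted_app", *args))
```
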