Actually, I am considering the case where app X is vulnerable and has an HTTP server embedded in it. Although app X and the process (which is assigned domain hm_phonebookaccess_app and owns the database with type hm_phonebookaccess_data_file) have the same UID, they run as two different processes. I have two questions here:

a) From my understanding of the previous mail content, if app X tries to directly do a raw access of the database file owned by the process having domain hm_phonebookaccess_app, it will be prevented by my policy. Is this understanding correct?

b) However, if app X is running an HTTP server, then I have observed that it is possible to access the database content through HTTP requests via the HTTP server. Can you please explain why this cannot be prevented by the policy.
Regards,
Souvik

________________________________________
From: Stephen Smalley [[email protected]]
Sent: Wednesday, May 13, 2015 8:27 PM
To: Datta, Souvik; [email protected]
Subject: Re: Assigning domain and type to platform application and its data

On 05/13/2015 10:31 AM, Datta, Souvik wrote:
> Hello Stephen,
>
> Regarding your reply on my following query (in the mail below):
>
>> b) If there is another platform app, say X, which shares the same UID
>> as "com.example.contentprovideruser" but belongs to a different
>> domain, say the default domain for platform apps, (assumption here is
>> that I have successfully modified the domain and database that belong
>> to "com.example.contentprovideruser" to "hm_phonebookaccess_app" and
>> "hm_phonebookaccess_data_file" respectively) would platform app X be
>> able to do a raw binary access of the database which belongs to
>> "com.example.contentprovideruser"?
>
> You had mentioned: Not if it runs in a separate process in its own domain.
>
> But I am facing an issue here. The platform app X is running an HTTP server.
> Another application, which knows about the HTTP server that app X is
> running, is able to make an HTTP request to app X, passing a URI:
> http://127.0.0.1/<path of the database>/database file, and getting the entire
> database file through app X.
> How do I prevent app X from accessing the database?

Why are you running a http server, and why are you exposing the database via http over a tcp socket? Why not just create a Unix/local domain socket or a binder service and offer access that way? Then it will only be accessible locally (not over the network), will support direct kernel access control over who can connect to the socket or call via binder, and will support passing of the sender credentials to the recipient, so that your app can implement its own finer-grained permission checks over what services are provided to each client.
If you want to isolate network sockets, you'd need to configure and use SECMARK or NetLabel.

_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to [email protected].
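The local-socket design Stephen suggests, as an added example that is not code from this thread or from the contentprovideruser app: a service exposes a Unix domain socket instead of a TCP HTTP server, so (1) the socket node on the filesystem gets a DAC mode (and, on an SELinux system, a label the policy can key on) that the kernel checks at connect() time, and (2) the service reads the caller's credentials with SO_PEERCRED and applies its own check before answering. The socket path, the "READ contacts" request string and the rule "only a caller with the service's own UID may read" are constructed assumptions; the binder-service alternative is not shown. Linux-only (SO_PEERCRED and struct ucred).

```c
#define _GNU_SOURCE           /* struct ucred */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Finer-grained permission hook, run by the service on credentials the
 * kernel supplied (cannot be spoofed by the client). The sample rule
 * admits only a peer with the service's own UID; a real service might
 * consult a group, a per-package table, or an SELinux context instead. */
int client_allowed(uid_t peer_uid, gid_t peer_gid) {
    (void)peer_gid;
    return peer_uid == getuid();
}

/* Serve one request on an accepted connection.
 * Returns 1 if the request was served, 0 if denied, -1 on error. */
static int handle_client(int conn) {
    struct ucred cred;
    socklen_t len = sizeof cred;
    if (getsockopt(conn, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0) {
        perror("SO_PEERCRED");
        return -1;
    }
    char req[64];
    ssize_t n = read(conn, req, sizeof req - 1);
    if (n <= 0) return -1;
    req[n] = '\0';

    const char *reply;
    int verdict;
    if (client_allowed(cred.uid, cred.gid) && strcmp(req, "READ contacts") == 0) {
        reply = "OK: <phonebook rows would follow>";   /* constructed payload */
        verdict = 1;
    } else {
        reply = "DENIED";
        verdict = 0;
    }
    (void)write(conn, reply, strlen(reply));
    return verdict;
}

/* Stand up the service socket, connect to it from the same process as a
 * client, and run one request/reply exchange end to end.
 * Returns the verdict from handle_client(), or -1 on setup failure. */
int demo_exchange(void) {
    char path[64];
    snprintf(path, sizeof path, "/tmp/pbaccess-%ld.sock", (long)getpid()); /* assumed path */

    struct sockaddr_un addr;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    strncpy(addr.sun_path, path, sizeof addr.sun_path - 1);

    int srv = socket(AF_UNIX, SOCK_STREAM, 0);
    if (srv < 0) return -1;
    unlink(path);
    mode_t old = umask(0077);      /* socket node becomes 0700: DAC check at connect() */
    int rc = bind(srv, (struct sockaddr *)&addr, sizeof addr);
    umask(old);
    if (rc < 0 || listen(srv, 1) < 0) { close(srv); return -1; }

    int cli = socket(AF_UNIX, SOCK_STREAM, 0);
    if (cli < 0 || connect(cli, (struct sockaddr *)&addr, sizeof addr) < 0) {
        if (cli >= 0) close(cli);
        close(srv); unlink(path);
        return -1;
    }
    (void)write(cli, "READ contacts", 13);   /* constructed request */

    int conn = accept(srv, NULL, NULL);
    int verdict = conn < 0 ? -1 : handle_client(conn);

    char buf[64];
    ssize_t n = read(cli, buf, sizeof buf - 1);
    if (n > 0) { buf[n] = '\0'; printf("client got: %s\n", buf); }

    if (conn >= 0) close(conn);
    close(cli); close(srv); unlink(path);
    return verdict;
}

int main(void) {
    return demo_exchange() == 1 ? 0 : 1;
}
```

Contrast with the HTTP-over-TCP design in the thread: a 127.0.0.1 listener has no socket node for DAC or SELinux to check at connect time, and the server learns nothing about who connected, so every local process that can open a TCP socket is an equally trusted caller unless SECMARK or NetLabel is configured.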
