I like the idea of adding a neverallow for that - how about the equivalent for platform_app too?
Since the device vendor has control over what apps go into the system_app and platform_app domains, it seems reasonable to levy requirements that those apps follow best practices like not updating their own executables or placing executables in locations that the app can write to. (though I haven’t looked at the details of where system_app can write to vs. other apps)

Semi-related given recent news reports [1], I’m also curious how many apps run as system that don’t actually need to, or if some of the existing apps that run as system could be easily modified to not need to run as system anymore.

Mike

[1] https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/

From: "Roberts, William C"
Date: Monday, June 22, 2015 at 12:57 AM
To: "[email protected]"
Subject: system_app execute on system_app_data_file

Thoughts on allowing system_app domain execute on its system_app_data_file type? I would be leaning towards a no for this with a neverallow and have anything that needs to do this moved into its own domain with its own data file type. Such a neverallow doesn’t exist on AOSP master as of today.
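An added illustration of the check discussed in this thread (not code from the thread or from AOSP): the Python sketch below tests a constructed set of allow rules against a neverallow of the kind proposed and lists domain/type pairs that a domain can both modify and execute. The type `example_data_file`, the sample rules, and the exact wording of the neverallow are assumptions; attributes and macros are assumed to be already expanded.

```python
import re
from collections import defaultdict

# Constructed sample rules (not AOSP policy). The neverallow line is an
# assumed form of the rule proposed in the thread.
SAMPLE_POLICY = """
allow system_app system_app_data_file:file { create read write open };
allow system_app system_app_data_file:file execute;
allow platform_app example_data_file:file { read write open };
allow system_app system_file:file { read open execute };
neverallow system_app system_app_data_file:file { execute execute_no_trans };
"""

# Matches: allow|neverallow <source> <target>:<class> <perm> | { <perms> };
RULE = re.compile(
    r"^(allow|neverallow)\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;$"
)
WRITE = {"write", "append", "create"}
EXEC = {"execute", "execute_no_trans"}

def parse(policy):
    """Return (allow, neverallow) as {(source, target, class): set(perms)}."""
    rules = {"allow": defaultdict(set), "neverallow": defaultdict(set)}
    for line in policy.splitlines():
        m = RULE.match(line.strip())
        if m:
            kind, src, tgt, cls, braced, single = m.groups()
            rules[kind][(src, tgt, cls)] |= set((braced or single or "").split())
    return rules["allow"], rules["neverallow"]

def neverallow_violations(policy):
    """Permissions granted by allow rules that a neverallow rule forbids."""
    allow, never = parse(policy)
    return {k: allow[k] & p for k, p in never.items() if allow.get(k, set()) & p}

def writable_and_executable(policy):
    """(source, target) pairs where a domain may both modify and execute files."""
    allow, _ = parse(policy)
    return sorted(
        (src, tgt) for (src, tgt, cls), perms in allow.items()
        if cls == "file" and perms & WRITE and perms & EXEC
    )

if __name__ == "__main__":
    print(neverallow_violations(SAMPLE_POLICY))
    print(writable_and_executable(SAMPLE_POLICY))
```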
