###
### Apps that run with the system UID, e.g. com.android.system.ui,
### com.android.settings.  These are not as privileged as the system
### server.
###
# Type enforcement policy for the system_app domain. Each allow rule
# below grants an access vector to processes running as a system UID app;
# the neverallow rules at the end are build-time assertions that are
# checked against the whole compiled policy, not runtime rules.

# Tag the domain with the coredomain attribute, which the platform policy
# uses for domains that belong to the core (system) image.
typeattribute system_app coredomain;

# Baseline macros: generic app rules, network access, and the ability to
# host binder services.
app_domain(system_app)
net_domain(system_app)
binder_service(system_app)

# android.ui and system.ui
# getattr only: stat the rootfs directory, no listing or traversal.
allow system_app rootfs:dir getattr;

# Read and write /data/data subdirectory.
# Full create/delete rights, but only on files labelled as this domain's
# own app data (system_app_data_file).
allow system_app system_app_data_file:dir create_dir_perms;
allow system_app system_app_data_file:{ file lnk_file } create_file_perms;

# Read and write to /data/misc/user.
allow system_app misc_user_data_file:dir create_dir_perms;
allow system_app misc_user_data_file:file create_file_perms;

# Access to vold-mounted storage for measuring free space
# search only: path traversal into the mount point, no directory listing.
allow system_app mnt_media_rw_file:dir search;

# Read wallpaper file.
allow system_app wallpaper_file:file r_file_perms;

# Read icon file.
allow system_app icon_file:file r_file_perms;

# Write to properties
# set_prop grants the property_service set permission for each label.
# Note the breadth of this list: system_prop and debug_prop in particular
# cover many properties, so additions here should be justified per label.
set_prop(system_app, bluetooth_a2dp_offload_prop)
set_prop(system_app, bluetooth_prop)
set_prop(system_app, debug_prop)
set_prop(system_app, system_prop)
set_prop(system_app, exported_bluetooth_prop)
set_prop(system_app, exported_system_prop)
set_prop(system_app, exported2_system_prop)
set_prop(system_app, exported3_system_prop)
set_prop(system_app, logd_prop)
set_prop(system_app, net_radio_prop)
set_prop(system_app, system_radio_prop)
set_prop(system_app, exported_system_radio_prop)
set_prop(system_app, log_tag_prop)
# Only on userdebug/eng builds; release builds get no write access to the
# persistent logging property.
userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
# auditallow logs every granted set on the radio properties. The writes
# still succeed; the audit records are presumably collected so the
# remaining writers can be identified and these grants narrowed later.
auditallow system_app net_radio_prop:property_service set;
auditallow system_app system_radio_prop:property_service set;
auditallow system_app exported_system_radio_prop:property_service set;

# ctl interface
# The ctl.* properties are requests to init to start or stop services,
# so these two rules amount to service control rather than plain property
# writes; ctl_default_prop is the catch-all label for ctl.* keys.
set_prop(system_app, ctl_default_prop)
set_prop(system_app, ctl_bugreport_prop)

# Create /data/anr/traces.txt.
# ra_dir_perms: read the directory and add entries to it, without the
# permissions needed to remove existing entries.
allow system_app anr_data_file:dir ra_dir_perms;
allow system_app anr_data_file:file create_file_perms;

# Settings need to access app name and icon from asec
allow system_app asec_apk_file:file r_file_perms;

# Allow system apps (like Settings) to interact with statsd
binder_call(system_app, statsd)

# Allow system apps to interact with incidentd
binder_call(system_app, incidentd)

# Enumerate registered services.
allow system_app servicemanager:service_manager list;
# TODO: scope this down? Too broad?
# Grants find on every type carrying the service_manager_type attribute
# except the listed exclusions. The exclusion list must stay in sync with
# the dontaudit list directly below; a service removed here but left in the
# dontaudit list would be silently denied with no audit record.
allow system_app {
  service_manager_type
  -dumpstate_service
  -installd_service
  -netd_service
  -virtual_touchpad_service
  -vold_service
  -vr_hwc_service
}:service_manager find;
# suppress denials for services system_app should not be accessing.
# dontaudit keeps the denial but drops the avc log line, so lookups of
# these services by system apps will not show up in audit logs.
dontaudit system_app {
  dumpstate_service
  installd_service
  netd_service
  virtual_touchpad_service
  vold_service
  vr_hwc_service
}:service_manager find;

# Keystore access. This is a very wide slice of the keystore_key class;
# by name, reset, clear_uid and user_changed appear to act on keystore
# state beyond this domain's own keys (NOTE(review): presumably needed by
# Settings for user and lock-screen management; confirm before extending).
allow system_app keystore:keystore_key {
    get_state
    get
    insert
    delete
    exist
    list
    reset
    password
    lock
    unlock
    is_empty
    sign
    verify
    grant
    duplicate
    clear_uid
    user_changed
};

# settings app reads /proc/version
allow system_app {
  proc_version
}:file r_file_perms;

# Logging: control logd, read the runtime log tag table, and read the
# device logging property.
control_logd(system_app)
read_runtime_log_tags(system_app)
get_prop(system_app, device_logging_prop)

# allow system apps to use UDP sockets provided by the system server but not
# modify them other than to connect
# Note: the rule also grants setopt, which does modify the socket (its
# options) beyond connect; the comment above understates the grant. The
# sockets themselves must be handed over by system_server, since no create
# permission is given here.
allow system_app system_server:udp_socket {
        connect getattr read recvfrom sendto write getopt setopt };

###
### Neverallow rules
###

# app domains which access /dev/fuse should not run as system_app
# Asserted at policy build time: no rule anywhere may grant system_app any
# permission (*) on the fuse character device.
neverallow system_app fuse_device:chr_file *;
