xref: /aosp_15_r20/system/sepolicy/prebuilts/api/32.0/private/system_app.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290) 
1###
2### Apps that run with the system UID, e.g. com.android.system.ui,
3### com.android.settings.  These are not as privileged as the system
4### server.
5###
6
7typeattribute system_app coredomain, mlstrustedsubject;
8
9app_domain(system_app)
10net_domain(system_app)
11binder_service(system_app)
12
13# android.ui and system.ui
14allow system_app rootfs:dir getattr;
15
16# Read and write /data/data subdirectory.
17allow system_app system_app_data_file:dir create_dir_perms;
18allow system_app system_app_data_file:{ file lnk_file } create_file_perms;
19
20# Read and write to /data/misc/user.
21allow system_app misc_user_data_file:dir create_dir_perms;
22allow system_app misc_user_data_file:file create_file_perms;
23
24# Access to apex files stored on /data (b/136063500)
25# Needed so that Settings can access NOTICE files inside apex
26# files located in the assets/ directory.
27allow system_app apex_data_file:dir search;
28allow system_app staging_data_file:file r_file_perms;
29
30# Read wallpaper file.
31allow system_app wallpaper_file:file r_file_perms;
32
33# Read icon file.
34allow system_app icon_file:file r_file_perms;
35
36# Write to properties
37set_prop(system_app, arm64_memtag_prop)
38set_prop(system_app, bluetooth_a2dp_offload_prop)
39set_prop(system_app, bluetooth_audio_hal_prop)
40set_prop(system_app, bluetooth_prop)
41set_prop(system_app, debug_prop)
42set_prop(system_app, system_prop)
43set_prop(system_app, exported_bluetooth_prop)
44set_prop(system_app, exported_system_prop)
45set_prop(system_app, exported3_system_prop)
46set_prop(system_app, logd_prop)
47set_prop(system_app, net_radio_prop)
48set_prop(system_app, usb_control_prop)
49set_prop(system_app, usb_prop)
50set_prop(system_app, log_tag_prop)
51userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
52auditallow system_app net_radio_prop:property_service set;
53auditallow system_app usb_control_prop:property_service set;
54auditallow system_app usb_prop:property_service set;
55# Allow Settings to enable Dynamic System Update
56set_prop(system_app, dynamic_system_prop)
57
58# ctl interface
59set_prop(system_app, ctl_default_prop)
60set_prop(system_app, ctl_bugreport_prop)
61
62# Allow developer settings to query gsid status
63get_prop(system_app, gsid_prop)
64
65# Create /data/anr/traces.txt.
66allow system_app anr_data_file:dir ra_dir_perms;
67allow system_app anr_data_file:file create_file_perms;
68
69# Settings need to access app name and icon from asec
70allow system_app asec_apk_file:file r_file_perms;
71
72# Allow system apps (like Settings) to interact with statsd
73binder_call(system_app, statsd)
74
75# Allow system apps to interact with incidentd
76binder_call(system_app, incidentd)
77
78# Allow system app to interact with Dumpstate HAL
79hal_client_domain(system_app, hal_dumpstate)
80
81allow system_app servicemanager:service_manager list;
82# TODO: scope this down? Too broad?
83allow system_app {
84  service_manager_type
85  -apex_service
86  -dnsresolver_service
87  -dumpstate_service
88  -installd_service
89  -iorapd_service
90  -lpdump_service
91  -netd_service
92  -system_suspend_control_internal_service
93  -system_suspend_control_service
94  -tracingproxy_service
95  -virtual_touchpad_service
96  -vold_service
97  -vr_hwc_service
98  -default_android_service
99}:service_manager find;
100# suppress denials for services system_app should not be accessing.
101dontaudit system_app {
102  dnsresolver_service
103  dumpstate_service
104  installd_service
105  iorapd_service
106  netd_service
107  virtual_touchpad_service
108  vold_service
109  vr_hwc_service
110}:service_manager find;
111
112# suppress denials caused by debugfs_tracing
113dontaudit system_app debugfs_tracing:file rw_file_perms;
114
115allow system_app keystore:keystore_key {
116    get_state
117    get
118    insert
119    delete
120    exist
121    list
122    reset
123    password
124    lock
125    unlock
126    is_empty
127    sign
128    verify
129    grant
130    duplicate
131    clear_uid
132    user_changed
133};
134
135allow system_app keystore:keystore2_key {
136    delete
137    get_info
138    grant
139    rebind
140    update
141    use
142};
143
144# Allow Settings to manage WI-FI keys.
145allow system_app wifi_key:keystore2_key {
146    delete
147    get_info
148    rebind
149    update
150    use
151};
152
153# settings app reads /proc/version
154allow system_app {
155  proc_version
156}:file r_file_perms;
157
158# Settings app writes to /dev/stune/foreground/tasks.
159allow system_app cgroup:file w_file_perms;
160allow system_app cgroup_v2:file w_file_perms;
161
162control_logd(system_app)
163read_runtime_log_tags(system_app)
164get_prop(system_app, device_logging_prop)
165
166# allow system apps to use UDP sockets provided by the system server but not
167# modify them other than to connect
168allow system_app system_server:udp_socket {
169        connect getattr read recvfrom sendto write getopt setopt };
170
171# Settings app reads ro.oem_unlock_supported
172get_prop(system_app, oem_unlock_prop)
173
174# Allow system apps to act as Perfetto producers.
175perfetto_producer(system_app)
176
177###
178### Neverallow rules
179###
180
181# app domains which access /dev/fuse should not run as system_app
182neverallow system_app fuse_device:chr_file *;
183
184# Apps which run as UID=system should not rely on any attacker controlled
185# filesystem locations, such as /data/local/tmp. For /data/local/tmp, we
186# allow writes to files passed by file descriptor to support dumpstate and
187# bug reports, but not reads.
188neverallow system_app shell_data_file:dir { no_w_dir_perms open search read };
189neverallow system_app shell_data_file:file { open read ioctl lock };
190