Initial impl issue #143085640: Per-process network access control
Add new manifest tags for declaring processes that an app
will use. While declaring these processes, one can specify
specific permissions that will be denied to that process.
Doing so will prevent any gids associated with that permission
from being given to that process, and any permission checks
that include a pid (which is not all of them) will fail when
checking a permission for that process.
For now, we limit these declarations to only the internet
permission, since we really need to do a lot of auditing to
determine how many other permissions can be denied (based on
how many permission checks for it are including the pid).
That said, this is explicitly not a security guarantee, so it
isn't a problem if there are ways around it (the process could
always IPC to another of the app's processes to do the same
thing).
One thing to be done is have the parser enforce that once an
app declares processes, it can only run things in those processes
and no others.
At this point the code is not yet tested at all. That will be
coming in later. This gets the APIs and various infrastructure
in place.
Bug: 143085640
Test: not yet tested
Change-Id: I27e8d0c811a5004fe251883f243517bb00d32d67
14 files changed
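As an added illustration, not part of this change, here is what such a manifest declaration could look like for an app that confines its parsing work to a process with no network access. The tag and attribute names (`<processes>`, `<process android:process>`, `<deny-permission>`) are assumed from the manifest format as later released in Android and are not stated in the commit.

```xml
<!-- Constructed example: two processes, INTERNET denied to one of them. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">

    <!-- The app as a whole holds INTERNET; the deny below is per process. -->
    <uses-permission android:name="android.permission.INTERNET" />

    <application android:label="Example">
        <!-- Declares the processes this app will use (assumed tag names). -->
        <processes>
            <!-- Main process keeps every permission the app was granted. -->
            <process android:process="com.example.app" />

            <!-- Parser process: the inet gid is not handed to it, and
                 pid-aware checks for INTERNET fail, so code running here
                 cannot open sockets on its own. As the commit notes, this
                 is not a security boundary: it can still ask the main
                 process to do the network work over IPC. -->
            <process android:process=":parser">
                <deny-permission android:name="android.permission.INTERNET" />
            </process>
        </processes>

        <!-- Component placed in the restricted process. -->
        <service
            android:name=".ParserService"
            android:process=":parser" />
    </application>
</manifest>
```

The value of such a declaration is defence in depth for code that handles untrusted input; any check that relies on it should be paired with an audit of which IPC entry points the main process exposes to the restricted one.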