From 0eca949a6c271b879d582e01c3d1d79dc704172c Mon Sep 17 00:00:00 2001
From: Zach Riggle <zachriggle@users.noreply.github.com>
Date: Mon, 17 Sep 2018 04:33:11 -0500
Subject: RFC: android: Add support for untrusted_app sandboxing (#697)

executor: add support for android_untrusted_app sandbox

This adds a new sandbox type, 'android_untrusted_app', which restricts
syz-executor to the privileges which are available to third-party applications,
e.g. those installed from the Google Play store.

In particular, this uses the UID space reserved for applications (instead of
the 'setuid' sandbox, which uses the traditional 'nobody' user / 65534)
as well as a set of groups which the Android-specific kernels are aware of,
and finally ensures that the SELinux context is set appropriately.

Dependencies on libselinux are avoided by manually implementing the few
functions that are needed to change the context of the current process,
and arbitrary files.  The underlying mechanisms are relatively simple.

Fixes google/syzkaller#643

Test: make presubmit
Bug: http://b/112900774
---
 executor/common.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'executor/common.h')

diff --git a/executor/common.h b/executor/common.h
index 15b279956..fdc35436c 100644
--- a/executor/common.h
+++ b/executor/common.h
@@ -628,7 +628,7 @@ static void loop(void)
 
 [[RESULTS]]
 
-#if SYZ_THREADED || SYZ_REPEAT || SYZ_SANDBOX_NONE || SYZ_SANDBOX_SETUID || SYZ_SANDBOX_NAMESPACE
+#if SYZ_THREADED || SYZ_REPEAT || SYZ_SANDBOX_NONE || SYZ_SANDBOX_SETUID || SYZ_SANDBOX_NAMESPACE || SYZ_SANDBOX_ANDROID_UNTRUSTED_APP
 #if SYZ_THREADED
 void execute_call(int call)
 #elif SYZ_REPEAT
-- 
cgit mrf-deployment