author | William Roberts <william.c.roberts@linux.intel.com> | 2015-05-12 20:32:29 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-06-18 11:47:13 -0700 |
commit | 7c065a9f138e5e552b087a307d15c870b6a58553 (patch) | |
tree | 3f5f62a08df847032d4f8bd9aa3a775c92f84642 | |
parent | b39ff99ed87c71b7f1e512afbeec1ac2122c2c29 (diff) | |
download | sepolicy-7c065a9f138e5e552b087a307d15c870b6a58553.tar.gz |
neverallow "write ops" on system_data_file from "others"
Only a few system-level components should be creating and writing
these files; force a type transition for shared files.
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>
(cherry picked from commit 529a8634e1d31967db2600ba27e55fc35b7d0195)
Change-Id: I9c4df4e332426e253dd6fcd4f8ea0348dc3a5f54
Bug: 21924438
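The commit message says shared files should get a type transition rather than being written as system_data_file. Below is an added example of that pattern, not code from this commit or from the Android sepolicy tree: a domain declares its own file type, transitions files it creates under a system_data_file directory to that type, and grants a consumer read-only access. The names mydomain, mydomain_data_file, otherdomain and the /data/mydomain path are hypothetical; the macros file_type_auto_trans, create_dir_perms, create_file_perms and r_file_perms and the attributes file_type and data_file_type are the ones Android's sepolicy defines.

```selinux
# Added example, not part of this commit: sharing files written under
# /data without holding write access to system_data_file itself.
# mydomain, mydomain_data_file, otherdomain and /data/mydomain are hypothetical.

# file.te: declare a more specific type for the files mydomain shares.
# data_file_type marks it as a type that lives under /data.
type mydomain_data_file, file_type, data_file_type;

# file_contexts: the second option the hunk comment describes, labelling a
# dedicated directory directly so anything created inside it already has
# the specific type (a file_contexts line, shown here as a comment):
# /data/mydomain(/.*)?    u:object_r:mydomain_data_file:s0

# mydomain.te: the first option, files mydomain creates in a directory
# labelled system_data_file are automatically labelled mydomain_data_file,
# so mydomain never needs (and is never granted) write perms on
# system_data_file:file and the new neverallow is not triggered.
file_type_auto_trans(mydomain, system_data_file, mydomain_data_file)
allow mydomain mydomain_data_file:dir create_dir_perms;
allow mydomain mydomain_data_file:file create_file_perms;

# otherdomain.te: a consumer of the shared files gets read-only access to
# the specific type; it still has no write perms on system_data_file.
allow otherdomain mydomain_data_file:dir search;
allow otherdomain mydomain_data_file:file r_file_perms;
```

The allow rules on mydomain_data_file are what the policy should grant instead of any write permission on system_data_file; with the neverallow from this commit in place, a leftover `allow mydomain system_data_file:file create_file_perms;` would fail the policy build, which is the point of the change.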
-rw-r--r-- | domain.te | 19 |
1 file changed, 19 insertions, 0 deletions
@@ -424,3 +424,22 @@ neverallow { domain -init } proc:{ file dir } mounton; # from a domain to a non-domain type and vice versa. neverallow domain ~domain:process { transition dyntransition }; neverallow ~domain domain:process { transition dyntransition }; + +# +# Only system_app and system_server should be creating or writing +# their files. The proper way to share files is to setup +# type transitions to a more specific type or assigning a type +# to its parent directory via a file_contexts entry. +# Example type transition: +# mydomain.te:file_type_auto_trans(mydomain, system_data_file, new_file_type) +# +neverallow { + domain + -system_server + -system_app + -init + -installd # for relabelfrom and unlink, check for this in explicit neverallow +} system_data_file:file no_w_file_perms; +# do not grant anything greater than r_file_perms and relabelfrom unlink +# to installd +neverallow installd system_data_file:file ~{ r_file_perms relabelfrom unlink }; |
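Review bot: the comment at the top of the new block says "Only system_app and system_server should be creating or writing their files", but the rule exempts four domains (system_server, system_app, init and installd); list all four in the comment and say why init needs write access, since unlike installd it is not bounded by a follow-up neverallow. The inline note on the installd exemption, "check for this in explicit neverallow", should point at the rule that does the bounding, i.e. the `neverallow installd system_data_file:file ~{ r_file_perms relabelfrom unlink };` line that follows it. Separately, both rules name only the `file` class, so `dir`, `lnk_file`, `sock_file` and `fifo_file` objects labelled system_data_file stay writable from any domain; if the goal is to force a type transition for everything shared under system_data_file, widen the class set (for example `{ file lnk_file sock_file fifo_file }` plus a matching `dir` rule), or state in the comment that only regular files are covered.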