Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / 3235f61aa859af1d1c3d060eb55cf1929bc6914f
commit3235f61aa859af1d1c3d060eb55cf1929bc6914f[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Fri May 30 10:25:00 2014 -0400
committerStephen Smalley <sds@tycho.nsa.gov>Fri May 30 18:30:11 2014 +0000
tree6f871ce4eef33bc1851ccfd7cb88c96b86fc3ba4
parente60723ab59f48626c6a700ba645bfe5eac6f0fc3 [diff]
Restrict /data/security and setprop selinux.reload_policy access.

Remove /data/security and setprop selinux.reload_policy access
from unconfineddomain, and only add back what is needed to
init (system_server already gets the required allow rules via
the selinux_manage_policy macro).

init (via init.rc post-fs-data) originally creates /data/security
and may later restorecon it.  init also sets the property (also from
init.rc post-fs-data) to trigger a reload once /data is mounted.
The system_server (SELinuxPolicyInstallReceiver in particular) creates
subdirectories under /data/security for updates, writes files to these
subdirectories, creates the /data/security/current symlink to the update
directory, and sets the property to trigger a reload when an update bundle
is received.

Add neverallow rules to ensure that we do not allow undesired access
to security_file or security_prop.

This is only truly meaningful if the support for /data/security policies
is restored, but is harmless otherwise.

Also drop the persist.mmac property_contexts entry; it was never used in
AOSP, only in our tree (for middleware MAC) and is obsolete.

Change-Id: I5ad5e3b6fc7abaafd314d31723f37b708d8fcf89
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
5 files changed
tree: 6f871ce4eef33bc1851ccfd7cb88c96b86fc3ba4
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. bluetooth.te
  9. bootanim.te
  10. clatd.te
  11. debuggerd.te
  12. device.te
  13. dhcp.te
  14. dnsmasq.te
  15. domain.te
  16. drmserver.te
  17. dumpstate.te
  18. file.te
  19. file_contexts
  20. fs_use
  21. genfs_contexts
  22. global_macros
  23. gpsd.te
  24. hci_attach.te
  25. healthd.te
  26. hostapd.te
  27. init.te
  28. init_shell.te
  29. initial_sid_contexts
  30. initial_sids
  31. inputflinger.te
  32. installd.te
  33. isolated_app.te
  34. kernel.te
  35. keys.conf
  36. keystore.te
  37. lmkd.te
  38. logd.te
  39. mac_permissions.xml
  40. mdnsd.te
  41. mediaserver.te
  42. mls
  43. mls_macros
  44. mtp.te
  45. net.te
  46. netd.te
  47. nfc.te
  48. NOTICE
  49. platform_app.te
  50. policy_capabilities
  51. port_contexts
  52. ppp.te
  53. property.te
  54. property_contexts
  55. racoon.te
  56. radio.te
  57. README
  58. recovery.te
  59. rild.te
  60. roles
  61. runas.te
  62. sdcardd.te
  63. seapp_contexts
  64. security_classes
  65. selinux-network.sh
  66. servicemanager.te
  67. shared_relro.te
  68. shell.te
  69. shelldomain.te
  70. su.te
  71. surfaceflinger.te
  72. system_app.te
  73. system_server.te
  74. te_macros
  75. tee.te
  76. ueventd.te
  77. unconfined.te
  78. uncrypt.te
  79. untrusted_app.te
  80. users
  81. vold.te
  82. watchdogd.te
  83. wpa.te
  84. zygote.te