Only allow PROT_EXEC for ashmem where required.

tmpfs_domain() macro defines a per-domain type and
allows access for tmpfs-backed files, including ashmem
regions.  execute-related permissions crept into it,
thereby allowing write + execute to ashmem regions for
most domains.  Move the execute permission out of tmpfs_domain()
to app_domain() and specific domains as required.
Drop execmod for now; we are not seeing it.

Similarly, execute permission for /dev/ashmem crept into
binder_use() as it was common to many binder using domains.
Move it out of binder_use() to app_domain() and specific domains
as required.

Change-Id: I66f1dcd02932123eea5d0d8aaaa14d1b32f715bb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/system_server.te b/system_server.te
index 4c73627..1b60ea7 100644
--- a/system_server.te
+++ b/system_server.te
@@ -5,8 +5,13 @@
 type system_server, domain, mlstrustedsubject;
 permissive system_server;
 
+# Define a type for tmpfs-backed ashmem regions.
+tmpfs_domain(system_server)
+
 # Dalvik Compiler JIT Mapping.
 allow system_server self:process execmem;
+allow system_server ashmem_device:chr_file execute;
+allow system_server system_server_tmpfs:file execute;
 
 # For art.
 allow system_server dalvikcache_data_file:file execute;
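Review bot: The two execute rules added under "# Dalvik Compiler JIT Mapping." (`allow system_server ashmem_device:chr_file execute;` and `allow system_server system_server_tmpfs:file execute;`) carry no comment of their own saying which mapping needs them. system_server is still declared `permissive` at the top of this hunk, so no denial is enforced that would show they are required. Suggest a one-line comment tying each rule to the JIT ashmem mapping, and confirming from logged avc denials that both are actually hit before keeping them. Together with the existing `execmem` rule they leave system_server able to execute from ashmem regions, which is the grant the commit message sets out to narrow.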
@@ -95,7 +100,6 @@
 allow system_server surfaceflinger:unix_stream_socket { read write setopt };
 
 # Perform Binder IPC.
-tmpfs_domain(system_server)
 binder_use(system_server)
 binder_call(system_server, binderservicedomain)
 binder_call(system_server, appdomain)
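Review bot: After this removal, `binder_use(system_server)` is the only macro left under "# Perform Binder IPC.", and per the commit message it should no longer grant execute on /dev/ashmem. The macro definitions are not part of this file's diff, so check that binder_use() and tmpfs_domain() lose their execute permissions in the same commit. If they do not, the explicit allows added in the first hunk are redundant and the broad grant to every binder-using domain stays in place. Moving `tmpfs_domain(system_server)` out from under the Binder comment is a good cleanup, since it has nothing to do with Binder IPC.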