Protect /data/property.

/data/property is only accessible by root and is used by the init property service for storing persistent property values. Create a separate type for it and only allow init to write to the directory and files within it. Ensure that we do not allow access to other domains in future changes or device-specific policy via a neverallow rule. Change-Id: Iff556b9606c5651c0f1bba902e30b59bdd6f063a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
author: Stephen Smalley <sds@tycho.nsa.gov> 2014-05-29 09:22:16 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> 2014-05-29 13:43:37 +0000
commit: ad0d0fc722d04e465ce2b0bfd2f8e04714c75391 (patch)
tree: 320949e7d0aa474c1b80cf6c0336df5e824472af /file.te
parent: c8859c2d152e42b8084fa1cd08c875afc1bf2451 (diff)
download: android_external_sepolicy-ad0d0fc722d04e465ce2b0bfd2f8e04714c75391.tar.gz
android_external_sepolicy-ad0d0fc722d04e465ce2b0bfd2f8e04714c75391.tar.bz2
android_external_sepolicy-ad0d0fc722d04e465ce2b0bfd2f8e04714c75391.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/file.te b/file.te
index 874f45f..21bba2e 100644
--- a/file.te
+++ b/file.te
@@ -64,6 +64,8 @@ type dalvikcache_profiles_data_file, file_type, data_file_type;
 type shell_data_file, file_type, data_file_type;
 # /data/gps
 type gps_data_file, file_type, data_file_type;
+# /data/property
+type property_data_file, file_type, data_file_type;
 
 # /data/misc subdirectories
 type adb_keys_file, file_type, data_file_type;
author	Stephen Smalley <sds@tycho.nsa.gov>	2014-05-29 09:22:16 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	2014-05-29 13:43:37 +0000
commit	ad0d0fc722d04e465ce2b0bfd2f8e04714c75391 (patch)
tree	320949e7d0aa474c1b80cf6c0336df5e824472af /file.te
parent	c8859c2d152e42b8084fa1cd08c875afc1bf2451 (diff)
download	android_external_sepolicy-ad0d0fc722d04e465ce2b0bfd2f8e04714c75391.tar.gz android_external_sepolicy-ad0d0fc722d04e465ce2b0bfd2f8e04714c75391.tar.bz2 android_external_sepolicy-ad0d0fc722d04e465ce2b0bfd2f8e04714c75391.zip