author | Stephen Smalley <sds@tycho.nsa.gov> | 2015-02-20 12:30:31 -0500 |
---|---|---|
committer | dcashman <dcashman@google.com> | 2015-02-20 11:16:20 -0800 |
commit | 7d1b6c87924a74e2163763a659fcca870a672e3c (patch) | |
tree | b12a07121ed1098fad0d4647cae0721b13def47a /mls | |
parent | 47cd53a55855b911b80b54b68702f5ee5db51d00 (diff) | |
sepolicy: allow cross-user unnamed pipe access
Exempt unnamed pipes from the MLS constraints so that they can
be used for cross-user communications when passed over binder or
local socket IPC.
Addresses denials such as:
avc: denied { read } for path="pipe:[59071]" dev="pipefs" ino=59071 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=fifo_file
Bug: 19087939
Change-Id: I77d494c4a38bf473fec05b728eaf253484deeaf8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'mls')
-rw-r--r-- | mls | 7 |
1 files changed, 4 insertions, 3 deletions
@@ -78,12 +78,13 @@ mlsconstrain { file lnk_file sock_file chr_file blk_file } { write setattr appen # Special case for FIFOs. # These can be unnamed pipes, in which case they will be labeled with the # creating process' label. Thus we also have an exemption when the "object" -# is a MLS trusted subject and can receive data at any level. +# is a domain type, so that processes can communicate via unnamed pipes +# passed by binder or local socket IPC. mlsconstrain fifo_file { read getattr } - (l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == mlstrustedsubject); + (l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == domain); mlsconstrain fifo_file { write setattr append unlink link rename } - (l1 domby l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == mlstrustedsubject); + (l1 domby l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == domain); # # IPC constraints |
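Review bot: In both changed constraint expressions, `t2 == domain` replaces `t2 == mlstrustedsubject` instead of being added next to it, so the earlier exemption is preserved only if every mlstrustedsubject type also carries the domain attribute, which this hunk does not show; please confirm that or keep both terms. The exemption now applies to any fifo_file whose label is a domain type, and to the write set (`write setattr append unlink link rename`) as well as the read set, so the MLS constraints no longer separate unnamed pipes between any two domains, and access to them rests on whatever other policy rules govern fifo_file. The updated comment could state that explicitly, and also that FIFOs labeled with non-domain types are still constrained by `l1 dom l2` / `l1 domby l2`.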