diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2012-11-13 13:00:05 -0500 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2012-11-27 10:05:42 -0800 |
commit | e8848726553e3abee6033200c98a657c9ca7cdb8 (patch) | |
tree | 525a1e762f5b6a6bd46223aa82c8edd90c9d0929 /mls | |
parent | fdaa7869a5541b55413f59845dc5f7c56bab0614 (diff) | |
download | android_external_sepolicy-e8848726553e3abee6033200c98a657c9ca7cdb8.tar.gz android_external_sepolicy-e8848726553e3abee6033200c98a657c9ca7cdb8.tar.bz2 android_external_sepolicy-e8848726553e3abee6033200c98a657c9ca7cdb8.zip |
Add policy for run-as program.
Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.
Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'mls')
-rw-r--r-- | mls | 9 |
1 files changed, 4 insertions, 5 deletions
@@ -34,11 +34,10 @@ mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setrlimit # Socket constraints # -# These permissions are between the process and its local socket, -# not between a process/socket and its peer. -# Equivalence is the normal situation; anything else requires trust. -mlsconstrain socket_class_set { read write create getattr setattr relabelfrom relabelto bind connect listen accept getopt setopt shutdown } - ((h1 eq h2 and l1 eq l2) or t1 == mlstrustedsubject or t2 == mlstrustedsubject); +# Create/relabel operations: Subject must be equivalent to object unless +# the subject is trusted. Sockets inherit the range of their creator. +mlsconstrain socket_class_set { create relabelfrom relabelto } + ((h1 eq h2 and l1 eq l2) or t1 == mlstrustedsubject); # Datagram send: Sender must be dominated by receiver unless one of them is # trusted. |