diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-05-23 11:26:19 -0400 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-05-23 13:14:22 -0400 |
| commit | 356f4be679544363466dad93e7bee68b2a6f2cf0 (patch) | |
| tree | c8546dcc31738c6fac03d7c1ce6ba65665aad45e /recovery.te | |
| parent | 4fce0ef97c2a4cb6e0ce2adf17c012c8be6252bf (diff) | |
| download | android_external_sepolicy-356f4be679544363466dad93e7bee68b2a6f2cf0.tar.gz android_external_sepolicy-356f4be679544363466dad93e7bee68b2a6f2cf0.tar.bz2 android_external_sepolicy-356f4be679544363466dad93e7bee68b2a6f2cf0.zip | |
Restrict requesting contexts other than policy-defined defaults.
Writing to the /proc/self/attr files (encapsulated by the libselinux
set*con functions) enables a program to request a specific security
context for various operations instead of the policy-defined defaults.
The security context specified using these calls is checked by an
operation-specific permission, e.g. dyntransition for setcon,
transition for setexeccon, create for setfscreatecon or
setsockcreatecon, but the ability to request a context at all
is controlled by a process permission. Omit these permissions from
domain.te and only add them back where required so that only specific
domains can even request a context other than the default defined by
the policy.
Change-Id: I6a2fb1279318625a80f3ea8e3f0932bdbe6df676
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'recovery.te')
| -rw-r--r-- | recovery.te | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/recovery.te b/recovery.te index cfec161..c132983 100644 --- a/recovery.te +++ b/recovery.te @@ -15,3 +15,6 @@ allow recovery dev_type:blk_file rw_file_perms; allow recovery self:process execmem; allow recovery ashmem_device:chr_file execute; allow recovery tmpfs:file rx_file_perms; + +# Use setfscreatecon() to label files for OTA updates. +allow recovery self:process setfscreate; |