neverallow shell file_type:file link

Change-Id: I77ce4331d70edebcecc753b2e67ffab1de3ae98e
author: Nick Kralevich <nnk@google.com> 2015-04-16 08:43:10 -0700
committer: Nick Kralevich <nnk@google.com> 2015-04-16 08:43:10 -0700
commit: e0c8da253c8135e72bd84729d44e6b254d83f64b (patch)
tree: eebfa5c120c928bd6d57aa58eabd415ea7be3fd3 /shell.te
parent: e96c3abe2e86f3ecdfdb7770629e9f73ff1e96d1 (diff)
download: android_external_sepolicy-e0c8da253c8135e72bd84729d44e6b254d83f64b.tar.gz
android_external_sepolicy-e0c8da253c8135e72bd84729d44e6b254d83f64b.tar.bz2
android_external_sepolicy-e0c8da253c8135e72bd84729d44e6b254d83f64b.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/shell.te b/shell.te
index 0ce2cc4..e7ea149 100644
--- a/shell.te
+++ b/shell.te
@@ -75,3 +75,11 @@ allow shell domain:process getattr;
 # and read other files created by init process under /data/bootchart
 allow shell bootchart_data_file:dir rw_dir_perms;
 allow shell bootchart_data_file:file create_file_perms;
+
+# Do not allow shell to hard link to any files.
+# In particular, if shell hard links to app data
+# files, installd will not be able to guarantee the deletion
+# of the linked to file. Hard links also contribute to security
+# bugs, so we want to ensure the shell user never has this
+# capability.
+neverallow shell file_type:file link;
author	Nick Kralevich <nnk@google.com>	2015-04-16 08:43:10 -0700
committer	Nick Kralevich <nnk@google.com>	2015-04-16 08:43:10 -0700
commit	e0c8da253c8135e72bd84729d44e6b254d83f64b (patch)
tree	eebfa5c120c928bd6d57aa58eabd415ea7be3fd3 /shell.te
parent	e96c3abe2e86f3ecdfdb7770629e9f73ff1e96d1 (diff)
download	android_external_sepolicy-e0c8da253c8135e72bd84729d44e6b254d83f64b.tar.gz android_external_sepolicy-e0c8da253c8135e72bd84729d44e6b254d83f64b.tar.bz2 android_external_sepolicy-e0c8da253c8135e72bd84729d44e6b254d83f64b.zip