diff options
| author | Nick Kralevich <nnk@google.com> | 2014-09-21 23:35:24 -0700 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2014-09-21 23:49:37 -0700 |
| commit | 642b80427ec2e95eb13cf03a74d814f240813e71 (patch) | |
| tree | 7a5569f19674d23ccdce93fd864ac7869cdf8f76 /untrusted_app.te | |
| parent | dd053a9b891195439b1c0848cb0e8a6e17b4b9bc (diff) | |
| download | android_external_sepolicy-642b80427ec2e95eb13cf03a74d814f240813e71.tar.gz android_external_sepolicy-642b80427ec2e95eb13cf03a74d814f240813e71.tar.bz2 android_external_sepolicy-642b80427ec2e95eb13cf03a74d814f240813e71.zip | |
relax neverallow rules on NETLINK_KOBJECT_UEVENT sockets
Netlink uevent sockets are used by the kernel to inform userspace
when certain events occur, for example, when new hardware is added
or removed. This allows userspace to take some action based on those
messages.
Relax the neverallow rule for NETLINK_KOBJECT_UEVENT sockets.
Certain device specific app domains, such as system_app, may have a
need to receive messages from this socket type.
Continue to neverallow NETLINK_KOBJECT_UEVENT sockets for untrusted_app.
These sockets have been the source of rooting attacks in Android
in the past, and it doesn't make sense to expose this to untrusted_apps.
No new SELinux rules are introduced by this change. This is an
adjustment of compile time assertions only.
Bug: 17525863
Change-Id: I3e538dc8096dc23b9678bcd20e3c1e742c21c967
Diffstat (limited to 'untrusted_app.te')
| -rw-r--r-- | untrusted_app.te | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/untrusted_app.te b/untrusted_app.te index ea20e56..7e67ea8 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -81,6 +81,9 @@ auditallow untrusted_app { ### neverallow rules ### +# Receive or send uevent messages. +neverallow untrusted_app self:netlink_kobject_uevent_socket *; + # Too much leaky information in debugfs. It's a security # best practice to ensure these files aren't readable. neverallow untrusted_app debugfs:file read; |