| Inseob Kim | ff43be2 | 2021-06-07 16:56:56 +0900 | [diff] [blame] | 1 | type runas, domain, mlstrustedsubject; |
| 2 | type runas_exec, system_file_type, exec_type, file_type; |
| 3 | |
| 4 | allow runas adbd:fd use; |
| 5 | allow runas adbd:process sigchld; |
| 6 | allow runas adbd:unix_stream_socket { read write }; |
| 7 | allow runas shell:fd use; |
| 8 | allow runas shell:fifo_file { read write }; |
| 9 | allow runas shell:unix_stream_socket { read write }; |
| 10 | allow runas devpts:chr_file { read write ioctl }; |
| 11 | allow runas shell_data_file:file { read write }; |
| 12 | |
| 13 | # run-as reads package information. |
| 14 | allow runas system_data_file:file r_file_perms; |
| 15 | allow runas system_data_file:lnk_file getattr; |
| 16 | allow runas packages_list_file:file r_file_perms; |
| 17 | |
| 18 | # The app's data dir may be accessed through a symlink. |
| 19 | allow runas system_data_file:lnk_file read; |
| 20 | |
| 21 | # run-as checks and changes to the app data dir. |
| 22 | dontaudit runas self:global_capability_class_set { dac_override dac_read_search }; |
| 23 | allow runas app_data_file:dir { getattr search }; |
| 24 | |
| 25 | # run-as switches to the app UID/GID. |
| 26 | allow runas self:global_capability_class_set { setuid setgid }; |
| 27 | |
| 28 | # run-as switches to the app security context. |
| 29 | selinux_check_context(runas) # validate context |
| 30 | allow runas self:process setcurrent; |
| 31 | allow runas non_system_app_set:process dyntransition; # setcon |
| 32 | |
| 33 | # runas/libselinux needs access to seapp_contexts_file to |
| 34 | # determine which domain to transition to. |
| 35 | allow runas seapp_contexts_file:file r_file_perms; |
| 36 | |
| 37 | ### |
| 38 | ### neverallow rules |
| 39 | ### |
| 40 | |
| 41 | # run-as cannot have capabilities other than CAP_SETUID and CAP_SETGID |
| 42 | neverallow runas self:global_capability_class_set ~{ setuid setgid }; |
| 43 | neverallow runas self:global_capability2_class_set *; |