Make sure exec_type is assigned to all entrypoint types.
Some file types used as domain entrypoints were missing the
exec_type attribute. Add it and add a neverallow rule to
keep it that way.
Change-Id: I7563f3e03940a27ae40ed4d6bb74181c26148849
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/domain.te b/domain.te
index 6321237..12aa898 100644
--- a/domain.te
+++ b/domain.te
@@ -138,3 +138,6 @@
# Only init should be able to load SELinux policies
neverallow { domain -init } kernel:security load_policy;
+
+# Ensure that all entrypoint executables are in exec_type.
+neverallow domain { file_type -exec_type }:file entrypoint;
diff --git a/ping.te b/ping.te
index 3c6254a..19f3a47 100644
--- a/ping.te
+++ b/ping.te
@@ -1,5 +1,5 @@
type ping, domain;
permissive ping;
-type ping_exec, file_type;
+type ping_exec, exec_type, file_type;
domain_auto_trans(shell, ping_exec, ping)
unconfined_domain(ping)
diff --git a/runas.te b/runas.te
index 50295a9..ec5e1c4 100644
--- a/runas.te
+++ b/runas.te
@@ -1,5 +1,5 @@
type runas, domain;
-type runas_exec, file_type;
+type runas_exec, exec_type, file_type;
permissive runas;
unconfined_domain(runas)
diff --git a/shell.te b/shell.te
index 89bc9be..8b51003 100644
--- a/shell.te
+++ b/shell.te
@@ -1,6 +1,6 @@
# Domain for shell processes spawned by ADB
type shell, domain;
-type shell_exec, file_type;
+type shell_exec, exec_type, file_type;
unconfined_domain(shell)
# Run app_process.
diff --git a/su.te b/su.te
index ca9fcc2..c1f002f 100644
--- a/su.te
+++ b/su.te
@@ -1,6 +1,6 @@
type su, domain;
permissive su;
-type su_exec, file_type;
+type su_exec, exec_type, file_type;
domain_auto_trans(shell, su_exec, su)
# su is unconfined.
diff --git a/su_user.te b/su_user.te
index 77fc535..6f936a0 100644
--- a/su_user.te
+++ b/su_user.te
@@ -1,4 +1,4 @@
# File types must be defined for file_contexts.
-type su_exec, file_type;
+type su_exec, exec_type, file_type;
# No allow rules