system_server.te: expand app_data_file neverallow rule Block other operations which involve non-file descriptor operations. Change-Id: I5d813781c201a732aa1ee6ff6fd3d82f2af32ec7

commit: 0792d8a0f22ed444d2dc49e5bffa3c0e436c6ac5 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Sun Mar 20 20:29:09 2016 -0700
committer: Nick Kralevich <nnk@google.com> Sun Mar 20 20:29:09 2016 -0700
tree: 7d2dc0c02b939c007681c91a5f9accd5f02ec6d7
parent: 610f461ecf79865548a5a30e85d07d8cee87c14d [diff]
diff --git a/system_server.te b/system_server.te
index be4bac1..5a3573a 100644
--- a/system_server.te
+++ b/system_server.te

@@ -458,12 +458,12 @@
 neverallow system_server sdcard_type:dir { open read write };
 neverallow system_server sdcard_type:file rw_file_perms;
 
-# system server should never be opening zygote spawned app data
+# system server should never be operating on zygote spawned app data
 # files directly. Rather, they should always be passed via a
 # file descriptor.
 # Types extracted from seapp_contexts type= fields, excluding
 # those types that system_server needs to open directly.
-neverallow system_server { bluetooth_data_file nfc_data_file shell_data_file app_data_file }:file open;
+neverallow system_server { bluetooth_data_file nfc_data_file shell_data_file app_data_file }:file { open create unlink link };
 
 # system_server should never be executing dex2oat. This is either
 # a bug (for example, bug 16317188), or represents an attempt by
commit	0792d8a0f22ed444d2dc49e5bffa3c0e436c6ac5	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Sun Mar 20 20:29:09 2016 -0700
committer	Nick Kralevich <nnk@google.com>	Sun Mar 20 20:29:09 2016 -0700
tree	7d2dc0c02b939c007681c91a5f9accd5f02ec6d7
parent	610f461ecf79865548a5a30e85d07d8cee87c14d [diff]