Do not permit appdomain to create/write to download_file. The comment says that apps can read downloaded files, but the file_type_auto_trans() macro expands to permit create/write access. Also we don't need a type transition when staying in the same type as the parent directory so we only truly need allow rules here. Hence, we remove file_type_auto_trans() altogether, and add an allow rule for search access to the directory. If create/write access is truly required, then we can just change the allow rules to use rw_dir_perms and create_file_perms. Change-Id: Icd71c9678419442cfd8088317317efd4332f9b4a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: 17454cf805748a8792608a44bbfddb00fb918841 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Wed Sep 11 11:29:48 2013 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> Fri Sep 13 16:50:04 2013 +0000
tree: adcbb0df9fa4118ce4e4be5886b5540b6a6cf249
parent: 5b00f223495ccb87cc8069d819bee6be9b3b99d6 [diff]
diff --git a/app.te b/app.te
index 65494ec..27079cd 100644
--- a/app.te
+++ b/app.te

@@ -81,8 +81,8 @@
 allow appdomain system_data_file:lnk_file getattr;
 
 # Allow all applications to read downloaded files
+allow appdomain download_file:dir search;
 allow appdomain download_file:file r_file_perms;
-file_type_auto_trans(appdomain, download_file, download_file)
 
 # Allow applications to communicate with netd via /dev/socket/dnsproxyd
 # to do DNS resolution
commit	17454cf805748a8792608a44bbfddb00fb918841	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Wed Sep 11 11:29:48 2013 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Fri Sep 13 16:50:04 2013 +0000
tree	adcbb0df9fa4118ce4e4be5886b5540b6a6cf249
parent	5b00f223495ccb87cc8069d819bee6be9b3b99d6 [diff]