relax fuse_device neverallow rules

The fuse_device neverallow rules are too aggressive and are inhibiting
certain vendor customizations. Relax the /dev/fuse neverallow rules so
that they better reflect the security invariants we want to uphold.

Bug: 37496487
Test: policy compiles.
Change-Id: Ie73b0ba7c76446afc2a7a23ebed1275c977d932d
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 0f0f577..bb37ceb 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -87,6 +87,9 @@
   ')
 }:dir_file_class_set { create unlink };
 
+# No untrusted component should be touching /dev/fuse
+neverallow all_untrusted_apps fuse_device:chr_file *;
+
 # Do not allow untrusted apps to directly open tun_device
 neverallow all_untrusted_apps tun_device:chr_file open;
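
Review bot: The comment on the added rule says "No untrusted component", but the rule only names all_untrusted_apps, so the comment promises more than the neverallow enforces; "No untrusted app should be touching /dev/fuse" would match what is checked. The permission set "*" is also wider than the neighbouring tun_device rule, which denies only open: it forbids every chr_file permission, including use of a descriptor that was opened elsewhere and passed to the app, and the comment should say that this is intended. Since the commit message describes a relaxation and this hunk only adds a restriction, the message would be easier to audit if it named the rule being loosened and the file it lives in.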