relax fuse_device neverallow rules The fuse_device neverallow rules are too aggressive and are inhibiting certain vendor customizations. Relax the /dev/fuse neverallow rules so that they better reflect the security invariants we want to uphold. Bug: 37496487 Test: policy compiles. Change-Id: Ie73b0ba7c76446afc2a7a23ebed1275c977d932d

commit: 45766d4178e443b29fee8cd9c8917847ea3a4cf1 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Apr 26 11:40:48 2017 -0700
committer: Nick Kralevich <nnk@google.com> Wed Apr 26 11:43:40 2017 -0700
tree: 27b7a6532d43ff19f77409f0d4e072ca532a566f
parent: 53b2c80949cae87f7407445c04c8f8471b4085ef [diff] [blame]
diff --git a/private/platform_app.te b/private/platform_app.te
index 984bb7b..fd4634a 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te

@@ -61,3 +61,10 @@
 allow platform_app preloads_media_file:dir r_dir_perms;
 
 read_runtime_log_tags(platform_app)
+
+###
+### Neverallow rules
+###
+
+# app domains which access /dev/fuse should not run as platform_app
+neverallow platform_app fuse_device:chr_file *;
commit	45766d4178e443b29fee8cd9c8917847ea3a4cf1	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Apr 26 11:40:48 2017 -0700
committer	Nick Kralevich <nnk@google.com>	Wed Apr 26 11:43:40 2017 -0700
tree	27b7a6532d43ff19f77409f0d4e072ca532a566f
parent	53b2c80949cae87f7407445c04c8f8471b4085ef [diff] [blame]