Merge "New rules for SID access"
diff --git a/domain.te b/domain.te
index 87ec2ee..c7fe3be 100644
--- a/domain.te
+++ b/domain.te
@@ -397,3 +397,5 @@
# TODO: prohibit non-zygote spawned processes from using shared libraries
# with text relocations. b/20013628 .
# neverallow { domain -appdomain } file_type:file execmod;
+
+neverallow { domain -init } proc:{ file dir } mounton;
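Review bot: The new neverallow at the end of the hunk carries no comment, while every neighbouring rule in domain.te (the execmod TODO just above it) explains its purpose and tracking reference. Since mounton is the permission that lets a domain use a file or directory as a mount point, a reader should not have to infer why init is the sole exception; I would add above the rule `# Only init may mount on top of /proc files or directories; no other domain should be able to mask procfs entries.` and, if a bug id exists for this rule, reference it the way the execmod TODO does.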
diff --git a/shell.te b/shell.te
index 0ce2cc4..e7ea149 100644
--- a/shell.te
+++ b/shell.te
@@ -75,3 +75,11 @@
# and read other files created by init process under /data/bootchart
allow shell bootchart_data_file:dir rw_dir_perms;
allow shell bootchart_data_file:file create_file_perms;
+
+# Do not allow shell to hard link to any files.
+# In particular, if shell hard links to app data
+# files, installd will not be able to guarantee the deletion
+# of the linked to file. Hard links also contribute to security
+# bugs, so we want to ensure the shell user never has this
+# capability.
+neverallow shell file_type:file link;
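Review bot: The neverallow on the last line of the hunk only covers the `file` class, but the comment above it says shell must never hard link to "any files", and the `link` permission also exists on the other file-object classes (lnk_file, sock_file, fifo_file, chr_file, blk_file), so a hard link to a symlink or device node labelled with a file_type would still be permitted by this rule. If the stated intent is meant literally, widen the class set, e.g. `neverallow shell file_type:{ file lnk_file sock_file fifo_file chr_file blk_file } link;`. If restricting only regular files is deliberate, the comment should say so.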
diff --git a/su.te b/su.te
index 58c75f6..9c01fc5 100644
--- a/su.te
+++ b/su.te
@@ -49,5 +49,6 @@
dontaudit su keystore:keystore_key *;
dontaudit su domain:debuggerd *;
dontaudit su domain:drmservice *;
+ dontaudit su unlabeled:filesystem *;
service_manager_local_audit_domain(su)
')
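Review bot: The added dontaudit line is indented by one space, while the surrounding dontaudit rules in the same block sit at column 0; the rule should be `dontaudit su unlabeled:filesystem *;` with no leading whitespace for consistency. The enclosing m4 block that the closing `')` terminates begins outside this hunk, so I cannot confirm which build variant guards it.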