Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 16873c10d3151b2eac7be24c9b5f031e7b274f44
commit16873c10d3151b2eac7be24c9b5f031e7b274f44[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Thu Jun 18 14:20:38 2015 -0400
committerNick Kralevich <nnk@google.com>Thu Jun 18 12:54:36 2015 -0700
tree8afc24290677ab2b534ed7a1de4a66b4f1cc6f66
parent646202704d869055784ab8561535e85f9d29734e [diff]
neverallow read to shell- and app-writable symlinks.

To reduce the likelihood of malicious symlink attacks, neverallow
read access to shell- and app-writable symlinks.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
(cherry picked from commit 9d439d3d4f6d5aa30b090f638f20841a3e3e72b2)

Bug: 21924438
Change-Id: Icf1ccca71ef4395de8be8503359f76f89cc9e1a5
1 file changed
tree: 8afc24290677ab2b534ed7a1de4a66b4f1cc6f66
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. blkid.te
  9. blkid_untrusted.te
  10. bluetooth.te
  11. bootanim.te
  12. clatd.te
  13. debuggerd.te
  14. device.te
  15. dex2oat.te
  16. dhcp.te
  17. dnsmasq.te
  18. domain.te
  19. drmserver.te
  20. dumpstate.te
  21. file.te
  22. file_contexts
  23. fingerprintd.te
  24. fs_use
  25. fsck.te
  26. fsck_untrusted.te
  27. gatekeeperd.te
  28. genfs_contexts
  29. global_macros
  30. gpsd.te
  31. hci_attach.te
  32. healthd.te
  33. hostapd.te
  34. init.te
  35. initial_sid_contexts
  36. initial_sids
  37. inputflinger.te
  38. install_recovery.te
  39. installd.te
  40. ioctl_macros
  41. isolated_app.te
  42. kernel.te
  43. keys.conf
  44. keystore.te
  45. lmkd.te
  46. logd.te
  47. mac_permissions.xml
  48. mdnsd.te
  49. mediaserver.te
  50. mls
  51. mls_macros
  52. mtp.te
  53. net.te
  54. netd.te
  55. neverallow_macros
  56. nfc.te
  57. NOTICE
  58. perfprofd.te
  59. platform_app.te
  60. policy_capabilities
  61. port_contexts
  62. ppp.te
  63. procrank.te
  64. property.te
  65. property_contexts
  66. racoon.te
  67. radio.te
  68. README
  69. recovery.te
  70. rild.te
  71. roles
  72. runas.te
  73. sdcardd.te
  74. seapp_contexts
  75. security_classes
  76. service.te
  77. service_contexts
  78. servicemanager.te
  79. sgdisk.te
  80. shared_relro.te
  81. shell.te
  82. slideshow.te
  83. su.te
  84. surfaceflinger.te
  85. system_app.te
  86. system_server.te
  87. te_macros
  88. tee.te
  89. toolbox.te
  90. tzdatacheck.te
  91. ueventd.te
  92. uncrypt.te
  93. untrusted_app.te
  94. users
  95. vdc.te
  96. vold.te
  97. watchdogd.te
  98. wpa.te
  99. zygote.te