disallow priv-apps from following untrusted app symlinks. Untrustworthy symlinks dereferenced by priv-apps could cause those apps to access files they weren't intending to access. Trusted components such as priv-apps should never trust untrustworthy symlinks from untrusted apps. Modify the rules and add a neverallow assertion to prevent regressions. Bug: 123350324 Test: device boots and no obvious problems. Change-Id: I8c4a5c9c8571fd29b2844b20b4fd1126db4128c0

commit: 87e91237a43815016254e70a7b622ef448da54d7 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Thu Jan 24 13:05:03 2019 -0800
committer: Nick Kralevich <nnk@google.com> Thu Jan 24 13:08:10 2019 -0800
tree: 07ceee950bbbdcbbc25e243ea81430ce33baa973
parent: 31bd80439f6c4bb46f0b77b2df45deec23246551 [diff] [blame]
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index 9a6a300..3d3433e 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te

@@ -24,6 +24,9 @@
 allow ephemeral_app privapp_data_file:file { r_file_perms execute };
 allow ephemeral_app app_data_file:file     { r_file_perms execute };
 
+# Follow priv-app symlinks. This is used for dynamite functionality.
+allow ephemeral_app privapp_data_file:lnk_file r_file_perms;
+
 # Allow the renderscript compiler to be run.
 domain_auto_trans(ephemeral_app, rs_exec, rs)
commit	87e91237a43815016254e70a7b622ef448da54d7	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Thu Jan 24 13:05:03 2019 -0800
committer	Nick Kralevich <nnk@google.com>	Thu Jan 24 13:08:10 2019 -0800
tree	07ceee950bbbdcbbc25e243ea81430ce33baa973
parent	31bd80439f6c4bb46f0b77b2df45deec23246551 [diff] [blame]