disallow priv-apps from following untrusted app symlinks. Untrustworthy symlinks dereferenced by priv-apps could cause those apps to access files they weren't intending to access. Trusted components such as priv-apps should never trust untrustworthy symlinks from untrusted apps. Modify the rules and add a neverallow assertion to prevent regressions. Bug: 123350324 Test: device boots and no obvious problems. Change-Id: I8c4a5c9c8571fd29b2844b20b4fd1126db4128c0

commit: 87e91237a43815016254e70a7b622ef448da54d7 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Thu Jan 24 13:05:03 2019 -0800
committer: Nick Kralevich <nnk@google.com> Thu Jan 24 13:08:10 2019 -0800
tree: 07ceee950bbbdcbbc25e243ea81430ce33baa973
parent: 31bd80439f6c4bb46f0b77b2df45deec23246551 [diff] [blame]
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 9b91806..712a360 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te

@@ -25,6 +25,12 @@
 allow untrusted_app_all privapp_data_file:file { r_file_perms execute };
 allow untrusted_app_all app_data_file:file     { r_file_perms execute };
 
+# Follow priv-app symlinks. This is used for dynamite functionality.
+allow untrusted_app_all privapp_data_file:lnk_file r_file_perms;
+
+# Allow handling of less common filesystem objects
+allow untrusted_app_all app_data_file:{ lnk_file sock_file fifo_file } create_file_perms;
+
 # Allow loading and deleting executable shared libraries
 # within an application home directory. Such shared libraries would be
 # created by things like renderscript or via other mechanisms.
commit	87e91237a43815016254e70a7b622ef448da54d7	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Thu Jan 24 13:05:03 2019 -0800
committer	Nick Kralevich <nnk@google.com>	Thu Jan 24 13:08:10 2019 -0800
tree	07ceee950bbbdcbbc25e243ea81430ce33baa973
parent	31bd80439f6c4bb46f0b77b2df45deec23246551 [diff] [blame]