neverallow read to shell- and app-writable symlinks.
To reduce the likelihood of malicious symlink attacks, neverallow
read access to shell- and app-writable symlinks.
Change-Id: I0dea1e6e4f0ce34531100696d230294e1b8a5500
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/domain.te b/domain.te
index f787d4a..73043f5 100644
--- a/domain.te
+++ b/domain.te
@@ -452,3 +452,20 @@
-runas
-zygote
} shell:process { transition dyntransition };
+
+# Minimize read access to shell- or app-writable symlinks.
+# This is to prevent malicious symlink attacks.
+neverallow {
+ domain
+ -appdomain
+ -installd
+ -uncrypt # TODO: see if we can remove
+} app_data_file:lnk_file read;
+
+neverallow {
+ domain
+ -shell
+ userdebug_or_eng(`-uncrypt')
+ -installd
+ -surfaceflinger # TODO: see if we can remove from mako sepolicy
+} shell_data_file:lnk_file read;
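Review bot: The uncrypt exemption is not the same in the two new rules — the app_data_file rule carves out `-uncrypt` unconditionally, while the shell_data_file rule limits it to `` userdebug_or_eng(`-uncrypt') `` — and nothing in the hunk says why uncrypt should be allowed to follow app-writable symlinks on user builds but shell-writable ones only on debug builds. If the asymmetry is deliberate, the comment above the first rule should state the reason; if not, the first rule should presumably be tightened to `` userdebug_or_eng(`-uncrypt') `` as well, since an unconditional carve-out leaves that domain outside the protection on production builds. The two `# TODO: see if we can remove` comments would be easier to act on if they named the concrete access (the denial or code path) that currently forces the exemption, e.g. `# TODO: exempted because of <access observed> — re-verify and drop`, so the next reader can tell whether the hole is still needed. The preceding neverallow whose closing `} shell:process { transition dyntransition };` appears as context starts outside the hunk.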