Merge "app.te: prevent locks of files on /system" am: cc45b87cfa
am: 6fcbd0f542

Change-Id: Ibc6947686cc6edf439e25cda9aaf5b1444da6c8c
diff --git a/private/app.te b/private/app.te
index f21887e..ed2d8b6 100644
--- a/private/app.te
+++ b/private/app.te
@@ -87,11 +87,12 @@
 
 # Execute the shell or other system executables.
 allow { appdomain -ephemeral_app -untrusted_v2_app } shell_exec:file rx_file_perms;
-allow { appdomain -ephemeral_app -untrusted_v2_app } system_file:file rx_file_perms;
+allow { appdomain -ephemeral_app -untrusted_v2_app } system_file:file x_file_perms;
 allow { appdomain -ephemeral_app -untrusted_v2_app } toolbox_exec:file rx_file_perms;
 
 # Renderscript needs the ability to read directories on /system
-r_dir_file(appdomain, system_file)
+allow appdomain system_file:dir r_dir_perms;
+allow appdomain system_file:lnk_file { getattr open read };
 
 # Execute dex2oat when apps call dexclassloader
 allow appdomain dex2oat_exec:file rx_file_perms;
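Review bot: After this hunk nothing visible in app.te grants `open`/`read` on `system_file:file` any more — `x_file_perms` on line 14 drops them together with `lock`, and the expansion of `r_dir_file` on lines 19–20 leaves out the `file` class entirely — so app read access to /system files must now come from a rule outside the hunk (presumably a domain-wide rule; confirm), and that rule must not itself include `lock` or the neverallow added in app_neverallows.te will fail policy compile. A comment here would stop the next maintainer from re-adding `r` by habit: `# Read access to system_file:file is granted elsewhere without lock; do not use r_file_perms here (see app_neverallows.te)`. The `lnk_file` rule on line 20 also drops `ioctl` relative to what `r_file_perms` gave; if intentional, say so in the Renderscript comment above it.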
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 15ab764..5e47b68 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -100,3 +100,7 @@
 
 # Do not allow untrusted apps access to preloads data files
 neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
+
+# Locking of files on /system could lead to denial of service attacks
+# against privileged system components
+neverallow all_untrusted_apps system_file:file lock;
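Review bot: The comment on lines 33–34 gives the rationale but not the mechanism by which this neverallow is usually tripped later: a maintainer restoring `r_file_perms` or `rx_file_perms` on `system_file:file` for apps, since both macros expand to include `lock`. Suggest extending it with `# app.te therefore uses x_file_perms (not rx_file_perms) for system_file:file; any read grant must omit lock`. The rule covers only the `file` class, which matches the stated concern about shared files on /system.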