Add policy for run-as program.
Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.
Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/mls b/mls
index a4c214b..21eede5 100644
--- a/mls
+++ b/mls
@@ -34,11 +34,10 @@
# Socket constraints
#
-# These permissions are between the process and its local socket,
-# not between a process/socket and its peer.
-# Equivalence is the normal situation; anything else requires trust.
-mlsconstrain socket_class_set { read write create getattr setattr relabelfrom relabelto bind connect listen accept getopt setopt shutdown }
- ((h1 eq h2 and l1 eq l2) or t1 == mlstrustedsubject or t2 == mlstrustedsubject);
+# Create/relabel operations: Subject must be equivalent to object unless
+# the subject is trusted. Sockets inherit the range of their creator.
+mlsconstrain socket_class_set { create relabelfrom relabelto }
+ ((h1 eq h2 and l1 eq l2) or t1 == mlstrustedsubject);
# Datagram send: Sender must be dominated by receiver unless one of them is
# trusted.