Merge "recovery.te: add /data neverallow rules"

commit: f7e98fe2c988d88a4a98a1fdfd07561cef013e5c [log] [tgz]
author: Nick Kralevich <nnk@google.com> Thu Nov 06 18:58:35 2014 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Nov 06 18:58:35 2014 +0000
tree: 58455c4c90fdf0a77e90af8092d0e37069b96724
parent: 35a4ed80a68d71df2cf138d17ea09fd782a1d73e [diff]
parent: a17a266e7e466d281f0730449c492de46390fc76 [diff]
diff --git a/wpa.te b/wpa.te
index 7b1a875..d6fae63 100644
--- a/wpa.te
+++ b/wpa.te

@@ -37,3 +37,11 @@
 userdebug_or_eng(`
   unix_socket_send(wpa, wpa, su)
 ')
+
+###
+### neverallow rules
+###
+
+# wpa_supplicant should not trust any data from sdcards
+neverallow wpa sdcard_type:dir ~getattr;
+neverallow wpa sdcard_type:file *;
commit	f7e98fe2c988d88a4a98a1fdfd07561cef013e5c	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Thu Nov 06 18:58:35 2014 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Nov 06 18:58:35 2014 +0000
tree	58455c4c90fdf0a77e90af8092d0e37069b96724
parent	35a4ed80a68d71df2cf138d17ea09fd782a1d73e [diff]
parent	a17a266e7e466d281f0730449c492de46390fc76 [diff]