  • 75e2ef92
    Restrict use of context= mount options. · 75e2ef92
    Stephen Smalley authored
    
    Prior to this change, the init and recovery domains were
    allowed unrestricted use of context= mount options to force
    all files within a given filesystem to be treated as having a
    security context specified at mount time.  The context= mount
    option can be used in device-specific fstab.<board> files
    to assign a context to filesystems that do not support labeling
    such as vfat where the default label of sdcard_external is not
    appropriate (e.g. /firmware on hammerhead).
    
    Restrict the use of context= mount options to types marked with the
    contextmount_type attribute, and then remove write access from
    such types from unconfineddomain and prohibit write access to such
    types via neverallow.  This ensures that the no write to /system
    restriction cannot be bypassed via context= mount.
    
    Change-Id: I4e773fadc9e11328d13a0acec164124ad6e840c1
    Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
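
An added example, not part of this commit or of the project's tree: an audit of fstab.<board> entries that flags any context= mount option whose type is not in the set of types carrying the contextmount_type attribute. The contents of that set, the name audit_fstab and the sample fstab lines are assumptions constructed for illustration.

```python
# Assumption: the types that carry the contextmount_type attribute in the
# policy being checked. Hypothetical contents; derive the real set from policy.
CONTEXTMOUNT_TYPES = {"firmware_file"}

# Constructed sample in "<src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>"
# layout; device paths and contexts are made up for this example.
SAMPLE_FSTAB = """\
# constructed sample, not taken from any device tree
/dev/block/by-name/modem  /firmware vfat ro,shortname=lower,context=u:object_r:firmware_file:s0 wait
/dev/block/by-name/system /system   ext4 ro,barrier=1 wait
/dev/block/by-name/extra  /extra    vfat rw,context=u:object_r:system_file:s0 wait
/dev/block/by-name/bad    /bad      vfat ro,context=malformed wait
"""


def audit_fstab(text, allowed=CONTEXTMOUNT_TYPES):
    """Return (mount_point, selinux_type, ok) for each entry using context=."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # not a complete fstab entry
        mount_point, options = fields[1], fields[3].split(",")
        for opt in options:
            if not opt.startswith("context="):
                continue
            parts = opt[len("context="):].strip('"').split(":")
            # A context is user:role:type:level; the type is the third field.
            se_type = parts[2] if len(parts) >= 4 else None
            # Unparseable contexts are reported as failures, never skipped.
            findings.append((mount_point, se_type, se_type in allowed))
    return findings


if __name__ == "__main__":
    for mount_point, se_type, ok in audit_fstab(SAMPLE_FSTAB):
        status = "ok" if ok else "NOT a contextmount_type"
        print(f"{mount_point}: context type {se_type!r}: {status}")
```

The /extra entry in the sample is the case the commit message is concerned with: a writable filesystem mounted with a type that is not marked contextmount_type.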