    neverallow: domain:file execute and entrypoint · f25304ee
    William Roberts authored
    
    Occasionally, files get labeled with the domain type rather
    than the executable file type. This can work if the author
    uses domain_auto_trans() versus init_daemon_domain(). This
    will cause a lot of issues and is typically not what the
    author intended.
    
    Another case where exec on a domain type might occur is if
    someone attempts to execute a /proc/pid file; this also
    does not make sense.
    
    To prevent this, we add a neverallow.
    
    Change-Id: I39aff58c8f5a2f17bafcd2be33ed387199963b5f
    Signed-off-by: William Roberts <william.c.roberts@intel.com>
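An added illustration, not part of this commit's diff, of the mislabeling the message describes and of a neverallow of the kind it adds. The daemon name foo, its domain, the file_contexts entry and the exact rule wording are assumptions; only the rule's subject (domain:file execute and entrypoint) comes from the commit title.

```selinux
# file_contexts: the mistake. /system/bin/foo is labeled with the *domain*
# type "foo" instead of an executable file type such as "foo_exec".
# (constructed example; "foo" is a hypothetical daemon)
/system/bin/foo        u:object_r:foo:s0

# foo.te: with that label, init_daemon_domain(foo) does nothing useful,
# because it expects the binary to carry foo_exec. Spelling the transition
# out by hand instead "works", but now the domain type doubles as a file
# type: init gets foo:file execute and foo gets foo:file entrypoint.
type foo, domain;
domain_auto_trans(init, foo, foo)

# domain.te: a neverallow of the form described in the commit (wording
# assumed). Any allow rule granting execute or entrypoint on a file labeled
# with a domain type is rejected when the policy is compiled, so the
# mistake above fails the build instead of shipping.
neverallow domain domain:file { execute entrypoint };

# The labeling the rule steers an author back toward:
#   /system/bin/foo   u:object_r:foo_exec:s0
#   type foo_exec, exec_type, file_type;
#   init_daemon_domain(foo)
```

The same rule also covers the /proc/pid case from the message, since those files carry the owning process's domain type and no domain may now execute them.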