From 0130154985aa5042b9e40c45fe60492e40004761 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 27 Sep 2013 10:38:14 -0400
Subject: [PATCH] Make sure exec_type is assigned to all entrypoint types.

Some file types used as domain entrypoints were missing the exec_type attribute. Add it and add a neverallow rule to keep it that way.

Change-Id: I7563f3e03940a27ae40ed4d6bb74181c26148849
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 domain.te | 3 +++
 ping.te | 2 +-
 runas.te | 2 +-
 shell.te | 2 +-
 su.te | 2 +-
 su_user.te | 2 +-
 6 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/domain.te b/domain.te
index 632123782..12aa89888 100644
--- a/domain.te
+++ b/domain.te
@@ -138,3 +138,6 @@ neverallow { domain -relabeltodomain } *:dir_file_class_set relabelto;
 # Only init should be able to load SELinux policies
 neverallow { domain -init } kernel:security load_policy;
+
+# Ensure that all entrypoint executables are in exec_type.
+neverallow domain { file_type -exec_type }:file entrypoint;
diff --git a/ping.te b/ping.te
index 3c6254a3d..19f3a4741 100644
--- a/ping.te
+++ b/ping.te
@@ -1,5 +1,5 @@
 type ping, domain;
 permissive ping;
-type ping_exec, file_type;
+type ping_exec, exec_type, file_type;
 domain_auto_trans(shell, ping_exec, ping)
 unconfined_domain(ping)
diff --git a/runas.te b/runas.te
index 50295a9b9..ec5e1c4b6 100644
--- a/runas.te
+++ b/runas.te
@@ -1,5 +1,5 @@
 type runas, domain;
-type runas_exec, file_type;
+type runas_exec, exec_type, file_type;
 permissive runas;
 unconfined_domain(runas)
diff --git a/shell.te b/shell.te
index 89bc9becb..8b51003df 100644
--- a/shell.te
+++ b/shell.te
@@ -1,6 +1,6 @@
 # Domain for shell processes spawned by ADB
 type shell, domain;
-type shell_exec, file_type;
+type shell_exec, exec_type, file_type;
 unconfined_domain(shell)
 # Run app_process.
diff --git a/su.te b/su.te
index ca9fcc237..c1f002f86 100644
--- a/su.te
+++ b/su.te
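Review bot: The new neverallow in domain.te only covers types that carry file_type, so an executable labeled with a type that has neither attribute would not trip the assertion even though the comment promises that "all entrypoint executables are in exec_type". If every file label is guaranteed to be a file_type by some other check, that is fine; otherwise the complement form `neverallow domain ~exec_type:file entrypoint;` states the invariant the comment actually claims. It is also worth making explicit that this is enforced by checkpolicy when the policy is compiled rather than at runtime, e.g. `# Build-time assertion (checkpolicy): any type a domain can enter via file:entrypoint must carry exec_type.` The rest of domain.te is outside this hunk, so I cannot confirm whether such a file_type guarantee exists.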
@@ -1,6 +1,6 @@
 type su, domain;
 permissive su;
-type su_exec, file_type;
+type su_exec, exec_type, file_type;
 domain_auto_trans(shell, su_exec, su)
 # su is unconfined.
diff --git a/su_user.te b/su_user.te
index 77fc535c9..6f936a081 100644
--- a/su_user.te
+++ b/su_user.te
@@ -1,4 +1,4 @@
 # File types must be defined for file_contexts.
-type su_exec, file_type;
+type su_exec, exec_type, file_type;
 # No allow rules
-- 
GitLab
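Review bot: Adding exec_type to su_exec in su_user.te widens what that label is granted on user builds, because any attribute-scoped rule elsewhere in the policy (for example an `allow domain exec_type:file ...` read/execute grant) now applies to the su binary's label too, while the file's "# No allow rules" comment still suggests the label carries no permissions. Worth confirming that no exec_type-wide rule grants execute on it, since su_user.te exists precisely to keep su unusable on user builds; the comment should say what this line does and does not guarantee, e.g. `# No allow rules of its own; exec_type is carried only to satisfy the domain.te entrypoint assertion, so check that attribute-wide exec_type rules do not grant execute here.` I cannot see the attribute-based rules in domain.te from this hunk, so this is a point to verify rather than a confirmed defect.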