From 16873c10d3151b2eac7be24c9b5f031e7b274f44 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 18 Jun 2015 14:20:38 -0400
Subject: [PATCH] neverallow read to shell- and app-writable symlinks.

To reduce the likelihood of malicious symlink attacks, neverallow
read access to shell- and app-writable symlinks.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
(cherry picked from commit 9d439d3d4f6d5aa30b090f638f20841a3e3e72b2)

Bug: 21924438
Change-Id: Icf1ccca71ef4395de8be8503359f76f89cc9e1a5
---
 domain.te | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/domain.te b/domain.te
index 93314571f..c115f87b0 100644
--- a/domain.te
+++ b/domain.te
@@ -456,3 +456,20 @@ neverallow {
   -runas
   -zygote
 } shell:process { transition dyntransition };
+
+# Minimize read access to shell- or app-writable symlinks.
+# This is to prevent malicious symlink attacks.
+neverallow {
+  domain
+  -appdomain
+  -installd
+  -uncrypt  # TODO: see if we can remove
+} app_data_file:lnk_file read;
+
+neverallow {
+  domain
+  -shell
+  userdebug_or_eng(`-uncrypt')
+  -installd
+  -surfaceflinger # TODO: see if we can remove from mako sepolicy
+} shell_data_file:lnk_file read;
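Review bot: The two new rules exempt uncrypt differently and neither says why: the app_data_file rule excludes `-uncrypt` unconditionally (with a TODO), while the shell_data_file rule excludes it only through `userdebug_or_eng(`-uncrypt')`, so on user builds uncrypt is still forbidden from reading shell-writable symlinks but permitted on app-writable ones. A one-line comment on each exemption, e.g. `# uncrypt: exempt on all builds for app_data_file, userdebug/eng only for shell_data_file — see TODOs`, would keep a later cleanup from silently widening one of them. Both rules constrain only the `read` permission on `lnk_file`; as far as I recall, following a symlink during path lookup is what requires that permission, so this matches the stated goal, but `getattr` and similar remain available wherever an allow rule grants them. The `-appdomain` and `-shell` exclusions mean the assertion does nothing for reads by apps or the shell themselves; any actual grants to those domains are still decided by the ordinary allow rules, which this hunk does not touch. The neverallow block that the first three context lines close starts outside the hunk.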
-- 
GitLab