From 17454cf805748a8792608a44bbfddb00fb918841 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 11 Sep 2013 11:29:48 -0400
Subject: [PATCH] Do not permit appdomain to create/write to download_file.

The comment says that apps can read downloaded files, but the
file_type_auto_trans() macro expands to permit create/write access.
Also we don't need a type transition when staying in the same type
as the parent directory so we only truly need allow rules here.
Hence, we remove file_type_auto_trans() altogether, and add an allow
rule for search access to the directory.  If create/write access is
truly required, then we can just change the allow rules to use
rw_dir_perms and create_file_perms.

Change-Id: Icd71c9678419442cfd8088317317efd4332f9b4a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 app.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.te b/app.te
index 65494ec6b..27079cd3d 100644
--- a/app.te
+++ b/app.te
@@ -81,8 +81,8 @@ allow appdomain cache_backup_file:file { read write getattr };
 allow appdomain system_data_file:lnk_file getattr;
 
 # Allow all applications to read downloaded files
+allow appdomain download_file:dir search;
 allow appdomain download_file:file r_file_perms;
-file_type_auto_trans(appdomain, download_file, download_file)
 
 # Allow applications to communicate with netd via /dev/socket/dnsproxyd
 # to do DNS resolution
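Review bot: The new `allow appdomain download_file:dir search;` grants path traversal into the download directory but not `read` on it, so apps can open a downloaded file they already know the path of but cannot enumerate the directory; the comment above the rule should say whether that narrowing is intentional so a later change does not widen it to `r_dir_perms` without thought. Suggested wording: `# Allow all applications to read downloaded files by path; directory listing and create/write access are intentionally not granted`. If apps are in fact expected to list the download directory, the rule needs `r_dir_perms` rather than bare `search` — that cannot be determined from the hunk alone and should be confirmed against the callers that use this directory.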
-- 
GitLab