Skip to content
Snippets Groups Projects
Commit 35a4ed80 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

Add wpa neverallow rule 

wpa should never trust any data coming from the sdcard. Add a
compile time assertion to make sure no rules are ever added
allowing this access.

Change-Id: I5f50a8242aa30f6cc0cfd89d82b2b153625105f6
parent 3bcdec8a
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 8 additions and 0 deletions
wpa.te
+ 8
0
View file @ 35a4ed80
......@@ -37,3 +37,11 @@ allow wpa keystore:keystore_key {
userdebug_or_eng(`
unix_socket_send(wpa, wpa, su)
')
###
### neverallow rules
###
# wpa_supplicant should not trust any data from sdcards
neverallow wpa sdcard_type:dir ~getattr;
neverallow wpa sdcard_type:file *;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment