Commit 60cfe79f authored by dcashman

Revert "Drop special handling of app_data_file in mls constraints."

This reverts commit 27042f6d.

Managed profiles are represented by new android users which have the ability to
communicate across profiles as governed by an IntentFilter provisioned by the
DevicePolicyManager.  This communication includes reading and writing content
URIs, which is currently obstructed by the mls separation between an owning user
and its managed profile.

Bug: 19444116
Bug: 19525465
Bug: 19540297
Bug: 19592525
Change-Id: Id9a97f24081902bceab5a96ddffd9276d751775b
parent 23f33615
...@@ -59,21 +59,37 @@ mlsconstrain unix_stream_socket { connectto } ...@@ -59,21 +59,37 @@ mlsconstrain unix_stream_socket { connectto }
mlsconstrain dir_file_class_set { create relabelfrom relabelto } mlsconstrain dir_file_class_set { create relabelfrom relabelto }
(l2 eq h2 and (l1 eq l2 or t1 == mlstrustedsubject)); (l2 eq h2 and (l1 eq l2 or t1 == mlstrustedsubject));
#
# Constraints for app data files only.
#
# Only constrain open, not read/write.
# Also constrain other forms of manipulation, e.g. chmod/chown, unlink, rename, etc.
# Subject must be equivalent to object unless the subject is trusted.
mlsconstrain dir { open search setattr rename add_name remove_name reparent rmdir }
(t2 != app_data_file or l1 eq l2 or t1 == mlstrustedsubject);
mlsconstrain { file lnk_file sock_file } { open setattr unlink link rename }
(t2 != app_data_file or l1 eq l2 or t1 == mlstrustedsubject);
#
# Constraints for file types other than app data files.
#
# Read operations: Subject must dominate object unless the subject # Read operations: Subject must dominate object unless the subject
# or the object is trusted. # or the object is trusted.
mlsconstrain dir { read getattr search } mlsconstrain dir { read getattr search }
(l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject); (t2 == app_data_file or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
mlsconstrain { file lnk_file sock_file chr_file blk_file } { open execute } mlsconstrain { file lnk_file sock_file chr_file blk_file } { read getattr execute }
(l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject); (t2 == app_data_file or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
# Write operations: Subject must be dominated by the object unless the # Write operations: Subject must be dominated by the object unless the
# subject or the object is trusted. # subject or the object is trusted.
mlsconstrain dir { write setattr rename add_name remove_name reparent rmdir } mlsconstrain dir { write setattr rename add_name remove_name reparent rmdir }
(l1 domby l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject); (t2 == app_data_file or l1 domby l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
mlsconstrain { file lnk_file sock_file chr_file blk_file } { write setattr append unlink link rename } mlsconstrain { file lnk_file sock_file chr_file blk_file } { write setattr append unlink link rename }
(l1 domby l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject); (t2 == app_data_file or l1 domby l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
# Special case for FIFOs. # Special case for FIFOs.
# These can be unnamed pipes, in which case they will be labeled with the # These can be unnamed pipes, in which case they will be labeled with the
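Review bot: the right-hand side restores `t2 == app_data_file or` as the first disjunct of both the read rules (`mlsconstrain dir { read getattr search }` and the file-class `{ read getattr execute }` rule) and the write rules (`dir { write setattr rename ... }` and the file-class `{ write setattr append unlink link rename }` rule), so app data files are exempt from the `l1 dom l2` / `l1 domby l2` checks on read and write entirely, and only the narrower block above it (`t2 != app_data_file or l1 eq l2 or t1 == mlstrustedsubject`) covers `open`, `search`, `setattr`, `unlink`, `link`, `rename` and the directory-manipulation permissions. The commit message explains which use case was blocked but not the property that results, namely that cross-level read and write of app data is permitted once a file has been opened while a cross-level open is not; stating that explicitly would make clear the exemption is deliberate rather than just the pre-27042f6d text coming back. Also note that the revert changes the file-class read rule from `{ open execute }` back to `{ read getattr execute }`, so in the lines shown `open` on file types other than app_data_file no longer falls under any MLS constraint; if keeping `open` constrained for those types was a property of the reverted commit worth preserving, that part should be carried over rather than reverted wholesale.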