Skip to content
Snippets Groups Projects
Commit 7d1b6c87 authored by Stephen Smalley's avatar Stephen Smalley Committed by dcashman
Browse files

sepolicy: allow cross-user unnamed pipe access 


Exempt unnamed pipes from the MLS constraints so that they can
be used for cross-user communications when passed over binder or
local socket IPC.

Addresses denials such as:
avc: denied { read } for path="pipe:[59071]" dev="pipefs" ino=59071 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=fifo_file

Bug: 19087939

Change-Id: I77d494c4a38bf473fec05b728eaf253484deeaf8
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 47cd53a5
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 3 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment