From 99aa03dce31ae933b28533901316a9a7c36cbb38 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 22 Aug 2014 15:08:39 -0700
Subject: [PATCH] assert that no domain can set default properties

Add a neverallow rule (compile time assertion) that no SELinux domain
other than init can set default_prop. default_prop is assigned to a
property when no more specific label exists for that property.

This ensures that all properties are labeled properly, and that
no-one (other than init) gets access to unknown properties.

Change-Id: If279960f23737e263d4d1b5face7b5c49cda7ae7
---
 domain.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/domain.te b/domain.te
index 9e2634848..936bca5fa 100644
--- a/domain.te
+++ b/domain.te
@@ -309,3 +309,7 @@ neverallow { domain -recovery } contextmount_type:dir_file_class_set
 # New service_types are defined in service.te and new mappings
 # from service name to service_type are defined in service_contexts.
 neverallow domain default_android_service:service_manager add;
+
+# Require that domains explicitly label unknown properties, and do not allow
+# anyone but init to modify unknown properties.
+neverallow { domain -init } default_prop:property_service set;
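Review bot: The comment added above the new neverallow is looser than the rule: the rule only asserts that no domain other than init holds `set` on `default_prop:property_service`, so it does not cover reads, and labeling is done by the policy author rather than by a domain. A more precise comment would be `# default_prop is the fallback label for properties with no more specific label.` followed by `# Only init may set such properties; give a property its own type before letting another domain set it.` Since neverallow is checked when the policy is compiled, the rule guards against a future allow rule being added rather than changing what is denied at run time. The comment could also say what to do when the assertion fires, as the service_manager comment just above does for new service types.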
-- 
GitLab