neverallow read to shell- and app-writable symlinks.

To reduce the likelihood of malicious symlink attacks, neverallow read access to shell- and app-writable symlinks. Change-Id: I0dea1e6e4f0ce34531100696d230294e1b8a5500 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

neverallow read to shell- and app-writable symlinks.
9d439d3d · Stephen Smalley · e010f08e · 9d439d3d
Commit 9d439d3d authored 9 years ago by Stephen Smalley
--- a/domain.te
+++ b/domain.te
@@ -452,3 +452,20 @@ neverallow {
  -runas
  -zygote
 } shell:process { transition dyntransition };
+# Minimize read access to shell- or app-writable symlinks.
+# This is to prevent malicious symlink attacks.
+neverallow {
+  domain
+  -appdomain
+  -installd
+  -uncrypt  # TODO: see if we can remove
+} app_data_file:lnk_file read;
+neverallow {
+  domain
+  -shell
+  userdebug_or_eng(`-uncrypt')
+  -installd
+  -surfaceflinger # TODO: see if we can remove from mako sepolicy
+} shell_data_file:lnk_file read;