From d331e00bd8101b5ab63e08822cdad7a223c2a5dd Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 5 Mar 2014 13:07:01 -0500
Subject: [PATCH] Do not allow system_server to access SDcard files.

As per: https://android-review.googlesource.com/#/c/84130/3/system_server.te@240 it is unsafe to allow such access. Add a neverallow rule to prohibit any rules on sdcard_type in the future.

Change-Id: Ife714b65b07144eb6228a048a55ba82181595213
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 system_server.te | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/system_server.te b/system_server.te
index 1f6bbee38..22965e25b 100644
--- a/system_server.te
+++ b/system_server.te
@@ -236,9 +236,6 @@ allow system_server cache_backup_file:file { relabelto relabelfrom };
 # LocalTransport creates and relabels /cache/backup
 allow system_server cache_backup_file:dir { relabelto relabelfrom create_dir_perms };
 
-# Access SDcard files passed via binder or sockets.
-allow system_server sdcard_type:file { read write getattr };
-
 # Allow system to talk to usb device
 allow system_server usb_device:chr_file rw_file_perms;
 allow system_server usb_device:dir r_dir_perms;
@@ -268,3 +265,12 @@ allow system_server zygote:unix_dgram_socket write;
 # /sys/module/lowmemorykiller/parameters/adj
 # /sys/module/lowmemorykiller/parameters/minfree
 allow system_server sysfs_lowmemorykiller:file { getattr w_file_perms };
+
+###
+### Neverallow rules
+###
+### system_server should NEVER do any of this
+
+# Do not allow accessing SDcard files as unsafe ejection could
+# cause the kernel to kill the system_server.
+neverallow system_server sdcard_type:file rw_file_perms;
-- 
GitLab
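Review bot: The neverallow added at the end of the second hunk covers only class `file` with `rw_file_perms`, which is narrower than the commit message's "prohibit any rules on sdcard_type". A later `allow system_server sdcard_type:dir ...`, or a file permission outside that macro, would still pass the policy build check. The stated risk (the kernel killing system_server after an unsafe ejection) seems to apply equally to a directory held open on the card, so consider adding `neverallow system_server sdcard_type:dir { open read write };` beside it. If the narrow scope is intentional, the comment above the rule should say which classes and permissions are covered, so that nobody reads it as a blanket prohibition.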