From e0c8da253c8135e72bd84729d44e6b254d83f64b Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 16 Apr 2015 08:43:10 -0700
Subject: [PATCH] neverallow shell file_type:file link

Change-Id: I77ce4331d70edebcecc753b2e67ffab1de3ae98e
---
 shell.te | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/shell.te b/shell.te
index 0ce2cc41f..e7ea149df 100644
--- a/shell.te
+++ b/shell.te
@@ -75,3 +75,11 @@ allow shell domain:process getattr;
 # and read other files created by init process under /data/bootchart
 allow shell bootchart_data_file:dir rw_dir_perms;
 allow shell bootchart_data_file:file create_file_perms;
+
+# Do not allow shell to hard link to any files.
+# In particular, if shell hard links to app data
+# files, installd will not be able to guarantee the deletion
+# of the linked to file. Hard links also contribute to security
+# bugs, so we want to ensure the shell user never has this
+# capability.
+neverallow shell file_type:file link;
-- 
GitLab