neverallow: domain:file execute and entrypoint

Occasionally, files get labeled with the domain type rather than the executable file type. This can work if the author uses domain_auto_trans() versus init_daemon_domain(). This will cause a lot of issues and is typically not what the author intended. Another case where exec on domain type might occur, is if someone attempts to execute a /proc/pid file, this also does not make sense. To prevent this, we add a neverallow. Change-Id: I39aff58c8f5a2f17bafcd2be33ed387199963b5f Signed-off-by: William Roberts <william.c.roberts@intel.com>

neverallow: domain:file execute and entrypoint
f25304ee · William Roberts · de11f501 · f25304ee
Commit f25304ee authored 9 years ago by William Roberts
--- a/domain.te
+++ b/domain.te
@@ -537,3 +537,16 @@ neverallow { domain userdebug_or_eng(`-logd -shell') } misc_logd_file:file rw_fi

 # Prevent assigning non property types to properties
 neverallow domain ~property_type:property_service set;
+
+# Domain types should never be assigned to any files other
+# than the /proc/pid files associated with a process. The
+# executable file used to enter a domain should be labeled
+# with its own _exec type, not with the domain type.
+# Conventionally, this looks something like:
+# $ cat mydaemon.te
+# type mydaemon, domain;
+# type mydaemon_exec, exec_type, file_type;
+# init_daemon_domain(mydaemon)
+# $ grep mydaemon file_contexts
+# /system/bin/mydaemon -- u:object_r:mydaemon_exec:s0
+neverallow domain domain:file { execute execute_no_trans entrypoint };