domain.te: neverallow System V IPC classes

Android doesn't want to support System V IPC classes. Ensure that it isn't supported by adding a neverallow rule (compile time assertion). Change-Id: I278d45960ee557917584f9137323b4cabfe140a9

domain.te: neverallow System V IPC classes
Android doesn't want to support System V IPC classes. Ensure that it isn't supported by adding a neverallow rule (compile time assertion). Change-Id: I278d45960ee557917584f9137323b4cabfe140a9
14d5619a · Nick Kralevich · b8ef2b02 · 14d5619a
Commit 14d5619a authored 10 years ago by Nick Kralevich
--- a/domain.te
+++ b/domain.te
@@ -344,3 +344,21 @@ neverallow {
  -installd
  -dex2oat
 } dalvikcache_data_file:file no_w_file_perms;
+# Android does not support System V IPCs.
+#
+# The reason for this is due to the fact that, by design, they lead to global
+# kernel resource leakage.
+#
+# For example, there is no way to automatically release a SysV semaphore
+# allocated in the kernel when:
+#
+# - a buggy or malicious process exits
+# - a non-buggy and non-malicious process crashes or is explicitly killed.
+#
+# Killing processes automatically to make room for new ones is an
+# important part of Android's application lifecycle implementation. This means
+# that, even assuming only non-buggy and non-malicious code, it is very likely
+# that over time, the kernel global tables used to implement SysV IPCs will fill
+# up.
+neverallow domain domain:{ shm sem msg msgq } *;