Remove app_data_file access from unconfineddomain.

Require app_data_file access to be explicitly allowed to each domain. We especially do not want to allow app_data_file:lnk_file read to any privileged domain. But removing app_data_file access in general can be useful in protecting app data from rogue daemons. Change-Id: I46240562bce76579e108495ab15833e143841ad8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Remove app_data_file access from unconfineddomain.
Require app_data_file access to be explicitly allowed to each domain. We especially do not want to allow app_data_file:lnk_file read to any privileged domain. But removing app_data_file access in general can be useful in protecting app data from rogue daemons. Change-Id: I46240562bce76579e108495ab15833e143841ad8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
631a5a8e · Stephen Smalley · 04b8a75c · 631a5a8e
Commit 631a5a8e authored 10 years ago by Stephen Smalley
--- a/unconfined.te
+++ b/unconfined.te
@@ -58,6 +58,7 @@ allow unconfineddomain {
    -exec_type
    -security_file
    -shell_data_file
+    -app_data_file
 }:{ dir lnk_file sock_file fifo_file } ~relabelto;
 allow unconfineddomain exec_type:dir r_dir_perms;
 allow unconfineddomain exec_type:file { r_file_perms execute execmod };
@@ -81,6 +82,7 @@ allow unconfineddomain {
    -exec_type
    -security_file
    -shell_data_file
+    -app_data_file
 }:{ chr_file file } ~{entrypoint execute_no_trans execmod execute relabelto};
 allow unconfineddomain rootfs:file execute;
 allow unconfineddomain contextmount_type:dir r_dir_perms;