Merge "app.te: prevent locks of files on /system"

am: cc45b87c Change-Id: I17fe3e79b7f673a0703be5be7bb93838cd2f7ed6

Merge "app.te: prevent locks of files on /system"
am: cc45b87c Change-Id: I17fe3e79b7f673a0703be5be7bb93838cd2f7ed6
6fcbd0f5 · Nick Kralevich · android-build-merger · a6445395 · cc45b87c · 6fcbd0f5
Commit 6fcbd0f5 authored 8 years ago by Nick Kralevich Committed by android-build-merger 8 years ago
--- a/private/app.te
+++ b/private/app.te
@@ -87,11 +87,12 @@ allow appdomain oemfs:file rx_file_perms;
 # Execute the shell or other system executables.
 allow { appdomain -ephemeral_app -untrusted_v2_app } shell_exec:file rx_file_perms;
-allow { appdomain -ephemeral_app -untrusted_v2_app } system_file:file rx_file_perms;
+allow { appdomain -ephemeral_app -untrusted_v2_app } system_file:file x_file_perms;
 allow { appdomain -ephemeral_app -untrusted_v2_app } toolbox_exec:file rx_file_perms;
 # Renderscript needs the ability to read directories on /system
-r_dir_file(appdomain, system_file)
+allow appdomain system_file:dir r_dir_perms;
+allow appdomain system_file:lnk_file { getattr open read };
 # Execute dex2oat when apps call dexclassloader
 allow appdomain dex2oat_exec:file rx_file_perms;

--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -100,3 +100,7 @@ neverallow all_untrusted_apps proc:file { no_rw_file_perms no_x_file_perms };
 # Do not allow untrusted apps access to preloads data files
 neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
+# Locking of files on /system could lead to denial of service attacks
+# against privileged system components
+neverallow all_untrusted_apps system_file:file lock;