From 9d439d3d4f6d5aa30b090f638f20841a3e3e72b2 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 18 Jun 2015 14:20:38 -0400
Subject: [PATCH] neverallow read to shell- and app-writable symlinks.

To reduce the likelihood of malicious symlink attacks, neverallow read access to shell- and app-writable symlinks.

Change-Id: I0dea1e6e4f0ce34531100696d230294e1b8a5500
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 domain.te | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/domain.te b/domain.te
index f787d4a7a..73043f57e 100644
--- a/domain.te
+++ b/domain.te
@@ -452,3 +452,20 @@ neverallow {
 -runas
 -zygote
 } shell:process { transition dyntransition };
+
+# Minimize read access to shell- or app-writable symlinks.
+# This is to prevent malicious symlink attacks.
+neverallow {
+ domain
+ -appdomain
+ -installd
+ -uncrypt # TODO: see if we can remove
+} app_data_file:lnk_file read;
+
+neverallow {
+ domain
+ -shell
+ userdebug_or_eng(`-uncrypt')
+ -installd
+ -surfaceflinger # TODO: see if we can remove from mako sepolicy
+} shell_data_file:lnk_file read;
-- 
GitLab
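Review bot: The two exemptions tagged `# TODO: see if we can remove` (`-uncrypt` in the app_data_file rule, `-surfaceflinger` in the shell_data_file rule) leave those domains able to follow app- or shell-writable symlinks, so the neverallow does not yet close the path the commit message describes for them; each carve-out should carry the reason the domain needs `lnk_file read` or a tracking reference, e.g. `-uncrypt # reads a path under app data; tracked in <BUG-ID>`, so a later reviewer can tell whether it is still required rather than guessing from a bare TODO. The asymmetry is also worth a comment: uncrypt is exempted unconditionally for app_data_file but only under `userdebug_or_eng` for shell_data_file, which presumably means user builds need the former and not the latter — if so, stating that on the line avoids the exemption being "fixed" later. The context lines at the top of the hunk belong to a `neverallow { ... } shell:process` statement whose start is outside the hunk.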