Delete dalvikcache_data_file write/setattr access from shell.

This showed up at some point in the past during our own internal CTS testing but it seems wrong based on the DAC permissions and a potential way to inject code into apps from the shell. Drop it for now and see if it shows up again. This predates userdebug/eng vs user shell split so possibly it only happens in the userdebug/eng case. Change-Id: If8b1e7817f8efecbf68a0ba5fd06328a23a6c6db Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Delete dalvikcache_data_file write/setattr access from shell.
This showed up at some point in the past during our own internal CTS testing but it seems wrong based on the DAC permissions and a potential way to inject code into apps from the shell. Drop it for now and see if it shows up again. This predates userdebug/eng vs user shell split so possibly it only happens in the userdebug/eng case. Change-Id: If8b1e7817f8efecbf68a0ba5fd06328a23a6c6db Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
c17d30a5 · Stephen Smalley · d28ceeb0 · c17d30a5
Commit c17d30a5 authored 11 years ago by Stephen Smalley
--- a/shelldomain.te
+++ b/shelldomain.te
@@ -22,7 +22,6 @@ allow shelldomain shell_exec:file rx_file_perms;
 allow shelldomain zygote_exec:file rx_file_perms;
 r_dir_file(shelldomain, apk_data_file)
-allow shelldomain dalvikcache_data_file:file { write setattr };
 # Set properties.
 unix_socket_connect(shelldomain, property, init)