neverallow read to shell- and app-writable symlinks.

To reduce the likelihood of malicious symlink attacks, neverallow
read access to shell- and app-writable symlinks.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
(cherry picked from commit 9d439d3d4f6d5aa30b090f638f20841a3e3e72b2)

Bug: 21924438
Change-Id: Icf1ccca71ef4395de8be8503359f76f89cc9e1a5
1 file changed