neverallow read to shell- and app-writable symlinks. To reduce the likelihood of malicious symlink attacks, neverallow read access to shell- and app-writable symlinks. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit 9d439d3d4f6d5aa30b090f638f20841a3e3e72b2) Bug: 21924438 Change-Id: Icf1ccca71ef4395de8be8503359f76f89cc9e1a5

commit: 16873c10d3151b2eac7be24c9b5f031e7b274f44 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Thu Jun 18 14:20:38 2015 -0400
committer: Nick Kralevich <nnk@google.com> Thu Jun 18 12:54:36 2015 -0700
tree: 8afc24290677ab2b534ed7a1de4a66b4f1cc6f66
parent: 646202704d869055784ab8561535e85f9d29734e [diff]
diff --git a/domain.te b/domain.te
index 9331457..c115f87 100644
--- a/domain.te
+++ b/domain.te

@@ -456,3 +456,20 @@
   -runas
   -zygote
 } shell:process { transition dyntransition };
+
+# Minimize read access to shell- or app-writable symlinks.
+# This is to prevent malicious symlink attacks.
+neverallow {
+  domain
+  -appdomain
+  -installd
+  -uncrypt  # TODO: see if we can remove
+} app_data_file:lnk_file read;
+
+neverallow {
+  domain
+  -shell
+  userdebug_or_eng(`-uncrypt')
+  -installd
+  -surfaceflinger # TODO: see if we can remove from mako sepolicy
+} shell_data_file:lnk_file read;
commit	16873c10d3151b2eac7be24c9b5f031e7b274f44	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Thu Jun 18 14:20:38 2015 -0400
committer	Nick Kralevich <nnk@google.com>	Thu Jun 18 12:54:36 2015 -0700
tree	8afc24290677ab2b534ed7a1de4a66b4f1cc6f66
parent	646202704d869055784ab8561535e85f9d29734e [diff]