Google Git
Sign in
android / platform / external / sepolicy / be98d9c
commitbe98d9cff3af80438239662605c5cf9b757a2df6[log] [tgz]
authorNick Kralevich <nnk@google.com>Sat Aug 22 14:47:00 2015 -0700
committerNick Kralevich <nnk@google.com>Sat Aug 22 14:47:00 2015 -0700
tree45042d984be19d1cd1e77ed7f3494a82171d6652
parentacfd140c045d0bd295389a508ef6952acefb91fc [diff]
Add /data/local/tmp neverallow rules

Add a neverallow rule (compile time assertion) for /data/local/tmp
access. /data/local/tmp is intended entirely for the shell user, and
it's dangerous for other SELinux domains to access it. See, for example,
this commit from 2012:

  https://android.googlesource.com/platform/system/core/+/f3ef1271f225d9f00bb4ebb0573eb3e03829f9a8

Change-Id: I5a7928ae2b51a574fad4e572b09e60e05b121cfe
2 files changed
tree: 45042d984be19d1cd1e77ed7f3494a82171d6652
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. atrace.te
  7. attributes
  8. binderservicedomain.te
  9. blkid.te
  10. blkid_untrusted.te
  11. bluetooth.te
  12. bootanim.te
  13. clatd.te
  14. CleanSpec.mk
  15. debuggerd.te
  16. device.te
  17. dex2oat.te
  18. dhcp.te
  19. dnsmasq.te
  20. domain.te
  21. drmserver.te
  22. dumpstate.te
  23. file.te
  24. file_contexts
  25. file_contexts_asan
  26. fs_use
  27. fsck.te
  28. fsck_untrusted.te
  29. gatekeeperd.te
  30. genfs_contexts
  31. global_macros
  32. gpsd.te
  33. hci_attach.te
  34. healthd.te
  35. hostapd.te
  36. idmap.te
  37. init.te
  38. initial_sid_contexts
  39. initial_sids
  40. inputflinger.te
  41. install_recovery.te
  42. installd.te
  43. isolated_app.te
  44. kernel.te
  45. keys.conf
  46. keystore.te
  47. lmkd.te
  48. logd.te
  49. mac_permissions.xml
  50. mdnsd.te
  51. mediaserver.te
  52. mls
  53. mls_macros
  54. MODULE_LICENSE_PUBLIC_DOMAIN
  55. mtp.te
  56. net.te
  57. netd.te
  58. neverallow_macros
  59. nfc.te
  60. NOTICE
  61. perfprofd.te
  62. platform_app.te
  63. policy_capabilities
  64. port_contexts
  65. ppp.te
  66. procrank.te
  67. property.te
  68. property_contexts
  69. racoon.te
  70. radio.te
  71. README
  72. recovery.te
  73. rild.te
  74. roles
  75. runas.te
  76. sdcardd.te
  77. seapp_contexts
  78. security_classes
  79. service.te
  80. service_contexts
  81. servicemanager.te
  82. sgdisk.te
  83. shared_relro.te
  84. shell.te
  85. slideshow.te
  86. su.te
  87. surfaceflinger.te
  88. system_app.te
  89. system_server.te
  90. te_macros
  91. tee.te
  92. toolbox.te
  93. tzdatacheck.te
  94. ueventd.te
  95. uncrypt.te
  96. untrusted_app.te
  97. users
  98. vdc.te
  99. vold.te
  100. watchdogd.te
  101. wpa.te
  102. zygote.te