356f4be679
Writing to the /proc/self/attr files (encapsulated by the libselinux set*con functions) enables a program to request a specific security context for various operations instead of the policy-defined defaults. The security context specified using these calls is checked by an operation-specific permission, e.g. dyntransition for setcon, transition for setexeccon, create for setfscreatecon or setsockcreatecon, but the ability to request a context at all is controlled by a process permission. Omit these permissions from domain.te and only add them back where required so that only specific domains can even request a context other than the default defined by the policy. Change-Id: I6a2fb1279318625a80f3ea8e3f0932bdbe6df676 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
21 lines
679 B
Plaintext
21 lines
679 B
Plaintext
# recovery console (used in recovery init.rc for /sbin/recovery)
|
|
type recovery, domain;
|
|
allow recovery rootfs:file entrypoint;
|
|
unconfined_domain(recovery)
|
|
|
|
allow recovery self:capability2 mac_admin;
|
|
|
|
allow recovery {fs_type dev_type -kmem_device file_type}:dir_file_class_set relabelto;
|
|
allow recovery unlabeled:filesystem mount;
|
|
allow recovery fs_type:filesystem *;
|
|
|
|
# Required to e.g. wipe userdata/cache.
|
|
allow recovery dev_type:blk_file rw_file_perms;
|
|
|
|
allow recovery self:process execmem;
|
|
allow recovery ashmem_device:chr_file execute;
|
|
allow recovery tmpfs:file rx_file_perms;
|
|
|
|
# Use setfscreatecon() to label files for OTA updates.
|
|
allow recovery self:process setfscreate;
|