Add wpa neverallow rule
wpa should never trust any data coming from the sdcard. Add a compile time assertion to make sure no rules are ever added allowing this access.

Change-Id: I5f50a8242aa30f6cc0cfd89d82b2b153625105f6
parent 3bcdec8a1e
commit 35a4ed80a6
1 changed files with 8 additions and 0 deletions
8
wpa.te
|
@ -37,3 +37,11 @@ allow wpa keystore:keystore_key {
|
||||||
userdebug_or_eng(`
|
userdebug_or_eng(`
|
||||||
unix_socket_send(wpa, wpa, su)
|
unix_socket_send(wpa, wpa, su)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
###
|
||||||
|
### neverallow rules
|
||||||
|
###
|
||||||
|
|
||||||
|
# wpa_supplicant should not trust any data from sdcards
|
||||||
|
neverallow wpa sdcard_type:dir ~getattr;
|
||||||
|
neverallow wpa sdcard_type:file *;
|
||||||
|
|
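Review bot: The two neverallow lines constrain only the `dir` and `file` classes, while the comment above them says wpa_supplicant should not trust any data from sdcards. Other classes on `sdcard_type`, such as `lnk_file`, `sock_file` and `fifo_file`, are left unconstrained, so a later allow rule on one of those would not trip the compile-time assertion. Consider extending the file rule to cover those classes as well, and say in the comment why `getattr` on directories is exempted by `~getattr`, so the exception reads as intentional.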