tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

neverallow_macros: add watch* perms

Browse source 
In cases where directory read access has been neverallowed via
no_rw_dir_perms, also neverallow the various watch* permissions.
If read was disallowed by the neverallow assertions, there's an
assumption that watch was also intended to not be allowed. Make that
assumption explicit.

References:
* https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ac5656d8a4cdd93cd2c74355ed12e5617817e0e7
* c4ab8edf74
* dddbaaf1e8

Test: compiles
Change-Id: I8139eaf1165a5090c7b48e45f353170e58ddf1d9
This commit is contained in:
Nick Kralevich 2019-09-05 09:54:43 -07:00
parent b56a49d979
commit 6a7a72b07a
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
public/neverallow_macros
View file

@ -1,7 +1,7 @@
#
# Common neverallow permissions
define(`no_w_file_perms', `{ append create link unlink relabelfrom rename setattr write }')
define(`no_rw_file_perms', `{ no_w_file_perms open read ioctl lock }')
define(`no_rw_file_perms', `{ no_w_file_perms open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads }')
define(`no_x_file_perms', `{ execute execute_no_trans }')
define(`no_w_dir_perms', `{ add_name create link relabelfrom remove_name rename reparent rmdir setattr write }')