sepolicy: allow cross-user unnamed pipe access

Exempt unnamed pipes from the MLS constraints so that they can
be used for cross-user communications when passed over binder or
local socket IPC.

Addresses denials such as:
avc: denied { read } for path="pipe:[59071]" dev="pipefs" ino=59071 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=fifo_file

Bug: 19087939

Change-Id: I77d494c4a38bf473fec05b728eaf253484deeaf8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Stephen Smalley 2015-02-20 12:30:31 -05:00 committed by dcashman
parent 47cd53a558
commit 7d1b6c8792

mls

@ -78,12 +78,13 @@ mlsconstrain { file lnk_file sock_file chr_file blk_file } { write setattr appen
# Special case for FIFOs.
# These can be unnamed pipes, in which case they will be labeled with the
# creating process' label. Thus we also have an exemption when the "object"
# is a MLS trusted subject and can receive data at any level.
# is a domain type, so that processes can communicate via unnamed pipes
# passed by binder or local socket IPC.
mlsconstrain fifo_file { read getattr }
(l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == mlstrustedsubject);
(l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == domain);
mlsconstrain fifo_file { write setattr append unlink link rename }
(l1 domby l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == mlstrustedsubject);
(l1 domby l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == domain);
#
# IPC constraints
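
Review bot: In both fifo_file constraints the new term `t2 == domain` is broader than the case the commit message describes. It lifts the MLS check for a pipe labeled with any domain type, not only between untrusted_app instances in different categories, and on the write side it covers setattr, unlink, link and rename along with write and append, while the quoted denial is only for read. Consider stating in the comment above the constraints that, with this exemption, access to unnamed pipes is limited only by the type enforcement rules on fifo_file and by who was handed the descriptor, or narrow the term to an attribute covering just the app domains if that is all the bug requires.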