From 14d5619a1aada9b3186ad9ea280ff75a08e1c368 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Tue, 10 Feb 2015 15:53:17 -0800 Subject: [PATCH] domain.te: neverallow System V IPC classes Android doesn't want to support System V IPC classes. Ensure that it isn't supported by adding a neverallow rule (compile time assertion). Change-Id: I278d45960ee557917584f9137323b4cabfe140a9 --- domain.te | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/domain.te b/domain.te index 4c35f0c8c..731e0c494 100644 --- a/domain.te +++ b/domain.te @@ -344,3 +344,21 @@ neverallow { -installd -dex2oat } dalvikcache_data_file:file no_w_file_perms; + +# Android does not support System V IPCs. +# +# The reason for this is due to the fact that, by design, they lead to global +# kernel resource leakage. +# +# For example, there is no way to automatically release a SysV semaphore +# allocated in the kernel when: +# +# - a buggy or malicious process exits +# - a non-buggy and non-malicious process crashes or is explicitly killed. +# +# Killing processes automatically to make room for new ones is an +# important part of Android's application lifecycle implementation. This means +# that, even assuming only non-buggy and non-malicious code, it is very likely +# that over time, the kernel global tables used to implement SysV IPCs will fill +# up. +neverallow domain domain:{ shm sem msg msgq } *;
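Review bot: the comment block added above `neverallow domain domain:{ shm sem msg msgq } *;` explains why SysV IPC is unwanted but does not say what the rule actually guarantees, and the commit message's "compile time assertion" is easy to over-read. The neverallow only asserts at policy build time that no domain is ever granted shm, sem, msg or msgq permissions; it does not remove the SysV IPC syscalls from the kernel, so a process that still calls them will hit an AVC denial rather than an unsupported syscall. Suggest adding one sentence such as "This rule asserts that policy never grants SysV IPC access; it complements, rather than replaces, building the kernel without SysV IPC support." Minor style point in the same block: the two bullets are punctuated inconsistently ("- a buggy or malicious process exits" has no period, the next bullet ends with one), and the wording alternates between "System V IPCs" and "SysV IPCs"; pick one form.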