Remove -kernel -recovery from keystore_data_file neverallow.

Aside from the keystore daemon itself, only init needs any access
to keystore_data_file (in order to create and potentially restorecon
/data/misc/keystore).  The exceptions for the kernel and recovery domains
are unnecessary; no allow rule permits this access in current policy.

Change-Id: I5cf6f29ec08174017ac8f5fb36fef166ce360ca0
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2014-10-22 11:13:17 -04:00
parent 0d08d4721a
commit d4731ad8c7

View file

@ -21,8 +21,8 @@ allow keystore tee:unix_stream_socket connectto;
neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto }; neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto };
neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relabelto getattr }; neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relabelto getattr };
neverallow { domain -keystore -init -kernel -recovery } keystore_data_file:dir *; neverallow { domain -keystore -init } keystore_data_file:dir *;
neverallow { domain -keystore -init -kernel -recovery } keystore_data_file:notdevfile_class_set *; neverallow { domain -keystore -init } keystore_data_file:notdevfile_class_set *;
neverallow domain keystore:process ptrace; neverallow domain keystore:process ptrace;