5e37271df8
system_file_type is a new attribute used to identify files which exist on the /system partition. It's useful for allow rules in init, which are based off of a blacklist of writable files. Additionally, it's useful for constructing neverallow rules to prevent regressions. Additionally, add commented out tests which enforce that all files on the /system partition have the system_file_type attribute. These tests will be uncommented in a future change after all the device-specific policies are cleaned up. Test: Device boots and no obvious problems. Change-Id: Id9bae6625f042594c8eba74ca712abb09702c1e5
18 lines
1 KiB
Text
18 lines
1 KiB
Text
# The tzdatacheck command run by init.
|
|
type tzdatacheck, domain;
|
|
type tzdatacheck_exec, system_file_type, exec_type, file_type;
|
|
|
|
allow tzdatacheck zoneinfo_data_file:dir create_dir_perms;
|
|
allow tzdatacheck zoneinfo_data_file:file unlink;
|
|
|
|
# Below are strong assertion that only init, system_server and tzdatacheck
|
|
# can modify the /data time zone rules directories. This is to make it very
|
|
# clear that only these domains should modify the actual time zone rules data.
|
|
# The tzdatacheck binary itself may be executed by shell for tests but it must
|
|
# not be able to modify the real rules.
|
|
# If other users / binaries could modify time zone rules on device this might
|
|
# have negative implications for users (who may get incorrect local times)
|
|
# or break assumptions made / invalidate data held by the components actually
|
|
# responsible for updating time zone rules.
|
|
neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:file no_w_file_perms;
|
|
neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:dir no_w_dir_perms;
|