am 4d9648e3: am b519949d: system_server: assert app data files never opened directly

* commit '4d9648e3e4bb2f3796d28f9cc95c6d3abd6075a9':
  system_server: assert app data files never opened directly
diff --git a/system_server.te b/system_server.te
index d0f2640..63a7ed0 100644
--- a/system_server.te
+++ b/system_server.te
@@ -413,3 +413,10 @@
 # Do not allow accessing SDcard files as unsafe ejection could
 # cause the kernel to kill the system_server.
 neverallow system_server sdcard_type:file rw_file_perms;
+
+# system server should never be opening zygote spawned app data
+# files directly. Rather, they should always be passed via a
+# file descriptor.
+# Types extracted from seapp_contexts type= fields, excluding
+# those types that system_server needs to open directly.
+neverallow system_server { bluetooth_data_file nfc_data_file shell_data_file app_data_file }:file open;
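Review bot: The type set in the new `neverallow` is a hand-copied snapshot of the seapp_contexts `type=` fields, so an app data type added there later falls outside the assertion without any build error. The comment also says some types were excluded because system_server must open them directly, but it does not name them, so a later reader cannot tell a deliberate exclusion from an omission. I would extend the comment with something like `# Keep in sync with seapp_contexts: add every new type= value here unless system_server must open it directly (excluded today: <list the types and why>).` If the policy has, or later gains, an attribute that groups app data file types, asserting on that attribute minus the exceptions would remove the need for manual syncing. The rule covers only `open` on class `file`; that matches the stated intent of forcing file-descriptor passing, but it is worth stating in the comment that other classes and permissions are intentionally left out.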