am b519949d: system_server: assert app data files never opened directly * commit 'b519949df150ebe4fc9bf3db52542bb5d9238d4e': system_server: assert app data files never opened directly

commit: 4d9648e3e4bb2f3796d28f9cc95c6d3abd6075a9 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Tue Oct 28 04:31:29 2014 +0000
committer: Android Git Automerger <android-git-automerger@android.com> Tue Oct 28 04:31:29 2014 +0000
tree: 810a62a343a607e3506f2c998d522ff968779156
parent: c97aba391d30bf6fa770b1d3a04330089c982d9d [diff]
parent: b519949df150ebe4fc9bf3db52542bb5d9238d4e [diff]
diff --git a/system_server.te b/system_server.te
index f17f8d3..ae14ab3 100644
--- a/system_server.te
+++ b/system_server.te

@@ -409,3 +409,10 @@
 # Do not allow accessing SDcard files as unsafe ejection could
 # cause the kernel to kill the system_server.
 neverallow system_server sdcard_type:file rw_file_perms;
+
+# system server should never be opening zygote spawned app data
+# files directly. Rather, they should always be passed via a
+# file descriptor.
+# Types extracted from seapp_contexts type= fields, excluding
+# those types that system_server needs to open directly.
+neverallow system_server { bluetooth_data_file nfc_data_file shell_data_file app_data_file }:file open;
commit	4d9648e3e4bb2f3796d28f9cc95c6d3abd6075a9	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Tue Oct 28 04:31:29 2014 +0000
committer	Android Git Automerger <android-git-automerger@android.com>	Tue Oct 28 04:31:29 2014 +0000
tree	810a62a343a607e3506f2c998d522ff968779156
parent	c97aba391d30bf6fa770b1d3a04330089c982d9d [diff]
parent	b519949df150ebe4fc9bf3db52542bb5d9238d4e [diff]