    Remove -unconfineddomain from neverallow rules. · 0d08d472
    Stephen Smalley authored
    With the sepolicy-analyze neverallow checking, attribute
    expansion is performed against the device policy and therefore
    we do not want our neverallow rules to exempt domains from
    consideration based on an attribute (e.g. -unconfineddomain).
    Otherwise, device policy could pass the neverallow check just
    by adding more domains to unconfineddomain.  We could of course
    add a CTS test to check the list of unconfineddomains against
    a whitelist, but it seems desirable regardless to narrow these
    neverallow rules to only the specific domains required.
    
    There are three such neverallow rules in current policy: one
    on creating unlabeled files, one on accessing /dev/hw_random, and
    one on accessing a character device without a specific type.  The
    only domain in unconfineddomain that appears to have a legitimate
    need for any of these permissions is the init domain.  Replace
    -unconfineddomain with -init in these neverallow rules, exclude these
    permissions from unconfineddoma...
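An added illustration, not code from this commit or from sepolicy-analyze: a toy model of how neverallow checking expands attributes against the device policy, showing why `-unconfineddomain` lets a device policy pass simply by growing the attribute, whereas `-init` does not. All types, attribute memberships and permission sets below are constructed for the example.

```python
# Added example (not from the AOSP commit): a toy model of the attribute
# expansion sepolicy-analyze performs when checking neverallow rules.
# Types, attribute memberships and permission sets are constructed.

# Constructed attribute membership as the device policy defines it.
ATTRIBUTES = {
    "domain": {"init", "system_server", "untrusted_app", "vendor_daemon"},
    "unconfineddomain": {"init"},
}

def expand(spec, attributes):
    """Expand a source set like '{ domain -unconfineddomain }' into concrete
    types; attributes resolve to whatever the device policy currently puts
    in them, which is exactly what makes attribute-based exemptions elastic."""
    result = set()
    for token in spec.strip("{} ").split():
        negate = token.startswith("-")
        name = token.lstrip("-")
        members = attributes.get(name, {name})
        result = result - members if negate else result | members
    return result

def violations(neverallow, allows, attributes):
    """Return the allow rules that fall inside the expanded neverallow."""
    src_spec, tgt, cls, perms = neverallow
    sources = expand(src_spec, attributes)
    return [a for a in allows
            if a[0] in sources and a[1] == tgt and a[2] == cls and a[3] & perms]

# Constructed device rule: a vendor daemon is granted /dev/hw_random access.
ALLOWS = [("vendor_daemon", "hw_random_device", "chr_file", {"read", "open"})]
PERMS = {"read", "write", "open", "ioctl"}
OLD_RULE = ("{ domain -unconfineddomain }", "hw_random_device", "chr_file", PERMS)
NEW_RULE = ("{ domain -init }", "hw_random_device", "chr_file", PERMS)

def check(rule, extra_unconfined=()):
    """Run the check, optionally after the device adds types to unconfineddomain."""
    attrs = {k: set(v) for k, v in ATTRIBUTES.items()}
    attrs["unconfineddomain"] |= set(extra_unconfined)
    return violations(rule, ALLOWS, attrs)

if __name__ == "__main__":
    print("old rule, as shipped:", check(OLD_RULE))
    print("old rule, daemon added to unconfineddomain:", check(OLD_RULE, ["vendor_daemon"]))
    print("new rule, daemon added to unconfineddomain:", check(NEW_RULE, ["vendor_daemon"]))
```

The second call returns no violation even though the daemon still reaches /dev/hw_random; the third call, with the narrowed rule, flags it.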
domain.te 12.5 KB