NIAP: View Technical Decision Details
Archived TD0103:  Access Control Policy Prohibiting Apps Write/Exe Permissions

Publication Date
2016.09.23

Protection Profiles
PP_MD_v2.0, PP_MD_v3.0

Other References
FDP_ACF_EXT.1.3

Issue Description

MDFPPv2 does not allow files in the "application's private data folder" to be both writable and executable.

MDFPPv2: FDP_ACF_EXT.1.3: The TSF shall enforce an access control policy that prohibits an application from granting both write and execute permission to a file on the device.

MDFPPv3: FDP_ACF_EXT.1.3: The TSF shall enforce an access control policy that prohibits an application from granting both write and execute permission to a file on the device except for [assignment: list of exceptions].

The Assurance Activities need to be updated to allow for "application's private data folder" testing.

In addition, the assignment for the "list of exceptions" is open-ended and could allow the vendor to add broad exceptions to allow a pass of the requirement.

Resolution

Change to:

MDFPPv3:

FDP_ACF_EXT.1.3: The TSF shall enforce an access control policy that prohibits an application from granting both write and execute permission to a file on the device except for [selection: files stored in the application's private data folder, no exceptions].

Assurance Activity:

Test 1: The evaluator shall write, or the developer shall provide, an application that attempts to store a file with both write and execute permissions. If the selection is "no exceptions", then the evaluator shall verify that this action fails and that the permissions on the file are not simultaneously write and execute.  If the selection is "application's private data folder", then the evaluator shall ensure that the attempt to store the file is outside of the application's private data folder.

Test 2: The evaluator shall traverse the file system examining the permission on each TSF file to verify that no file has both write and execute permissions set.  If the selection is "application's private data folder", then only files outside of this folder need to be examined by the evaluator for this test.

MDFPPv2:

FDP_ACF_EXT.1.3: The TSF shall enforce an access control policy that prohibits an application from granting both write and execute permission to a file on the device except for [selection: files stored in the application's private data folder, no exceptions].

Assurance Activity:

Test 1: The evaluator shall write, or the developer shall provide, an application that attempts to store a file with both write and execute permissions. If the selection is "no exceptions", then the evaluator shall verify that this action fails and that the permissions on the file are not simultaneously write and execute.  If the selection is "application's private data folder", then the evaluator shall ensure that the attempt to store the file is outside of the application's private data folder.

Test 2: The evaluator shall traverse the file system examining the permission on each TSF file to verify that no file has both write and execute permissions set.  If the selection is "application's private data folder", then only files outside of this folder need to be examined by the evaluator for this test.
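Test 2 above has the evaluator traverse the file system and check every TSF file for simultaneous write and execute permission, skipping the application's private data folder when that selection is made. The following is an added example, not part of this Technical Decision or of any Protection Profile, of a POSIX-style checker an evaluator might run over a mounted file-system image; the `com.example.app` private folder and the sample files are constructed for the demonstration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Owner, group and other are checked separately: a file is a finding only when
# the same permission class holds both the write bit and the execute bit.
_CLASSES = ((stat.S_IWUSR, stat.S_IXUSR),
            (stat.S_IWGRP, stat.S_IXGRP),
            (stat.S_IWOTH, stat.S_IXOTH))

def has_write_and_execute(mode: int) -> bool:
    """True if any one permission class has both write and execute set."""
    return any(mode & w and mode & x for w, x in _CLASSES)

def find_write_exec_files(root, excluded=()):
    """Walk `root` and return regular files (as paths relative to root) that
    are writable and executable for one class, skipping excluded directories
    such as the application's private data folder. Symlinks are not followed."""
    root = Path(root).resolve()
    excluded = [Path(e).resolve() for e in excluded]
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        d = Path(dirpath)
        if any(d == e or e in d.parents for e in excluded):
            dirnames[:] = []  # prune: do not descend into the excepted folder
            continue
        for name in filenames:
            p = d / name
            st = os.lstat(p)  # lstat so a symlink is never mistaken for its target
            if stat.S_ISREG(st.st_mode) and has_write_and_execute(st.st_mode):
                hits.append(str(p.relative_to(root)))
    return sorted(hits)

def demo():
    """Constructed tree: one W+X file outside the private folder (a finding),
    one W+X file inside it (allowed by the selection), one r-x-only TSF file."""
    base = Path(tempfile.mkdtemp())
    private = base / "data" / "com.example.app"  # hypothetical private data folder
    private.mkdir(parents=True)
    (base / "system").mkdir()
    for rel, mode in (("system/helper.sh", 0o755),
                      ("data/com.example.app/plugin.so", 0o700),
                      ("system/tool", 0o555)):
        f = base / rel
        f.write_text("sample")
        f.chmod(mode)
    return find_write_exec_files(base, excluded=[private])
```

With the "no exceptions" selection, pass an empty `excluded` list so the private folder is examined as well.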

Justification

Changing the MDFPPv2 requirement to match the MDFPPv3 requirement.  In addition, the assignment for the "list of exceptions" was too open-ended and needed boundaries; therefore "application's private data folder" has been added as the only exception.
