-
Stephen Smalley authoredThis change synchronizes the AOSP set of neverallow rules for app domains with our own. However, as we exclude unconfineddomain from each neverallow rule, it causes no breakage in the AOSP policy. As app domains are confined, you will need to either adjust the app domain or the neverallow rule according to your preference. But our policy builds with all of these applied with all app domains confined. Change-Id: I00163d46a6ca3a87e3d742d90866300f889a0b11 Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>Stephen Smalley authoredThis change synchronizes the AOSP set of neverallow rules for app domains with our own. However, as we exclude unconfineddomain from each neverallow rule, it causes no breakage in the AOSP policy. As app domains are confined, you will need to either adjust the app domain or the neverallow rule according to your preference. But our policy builds with all of these applied with all app domains confined. Change-Id: I00163d46a6ca3a87e3d742d90866300f889a0b11 Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>