Something went wrong on our end
-
Stephen Smalley authoredNow that all of /data outside of /data/data should be labeled even on legacy devices as a result of Ib8d9751a47c8e0238cf499fcec61898937945d9d, there should be no reason to permit the system_server or zygote execute access to unlabeled files. This is the only remaining case where a type writable by app domains can be executed by system services, so eliminating it is desirable. That said, I have not specifically tested the non-SE to SE upgrade path to confirm that this causes no problems. Change-Id: Ie488bd6e347d4a210806a3308ab25b00952aadb4 Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>Stephen Smalley authoredNow that all of /data outside of /data/data should be labeled even on legacy devices as a result of Ib8d9751a47c8e0238cf499fcec61898937945d9d, there should be no reason to permit the system_server or zygote execute access to unlabeled files. This is the only remaining case where a type writable by app domains can be executed by system services, so eliminating it is desirable. That said, I have not specifically tested the non-SE to SE upgrade path to confirm that this causes no problems. Change-Id: Ie488bd6e347d4a210806a3308ab25b00952aadb4 Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>