    neverallow: domain execute data_file_type · 7028bdcc
    William Roberts authored
    
    To help reduce code injection paths, a neverallow is placed
    to prevent domain, sans untrusted_app and shell, execute
    on data_file_type. A few data_file_type's are also exempt
    from this rule as they label files that should be executable.
    
    Additional constraints, on top of the above, are placed on domains
    system_server and zygote. They can only execute data_file_type's
    of type dalvikcache_data_file.
    
    Change-Id: I15dafbce80ba2c85a03c23128eae4725703d5f02
    Signed-off-by: William Roberts <william.c.roberts@intel.com>
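
How a neverallow like the one described in this commit message works as a build-time assertion over allow rules, shown as an added example (not code from this commit or from the AOSP policy). The attribute membership, the installd domain, the exempt_exec_data_file placeholder and the sample allow rules are constructed; the message does not name the exempt types, and treating dalvikcache_data_file as exempt is an assumption inferred from its second paragraph.

```python
# Constructed attribute membership; a real policy declares these in its .te files.
ATTRS = {
    "domain": {"untrusted_app", "shell", "system_server", "zygote", "installd"},
    "data_file_type": {"app_data_file", "dalvikcache_data_file",
                       "system_data_file", "exempt_exec_data_file"},
}
# Assumption: the commit message does not list the exempt types.
# exempt_exec_data_file is a hypothetical placeholder for them.
EXEMPT_TARGETS = {"exempt_exec_data_file", "dalvikcache_data_file"}

# Each neverallow is (source types, target types) for class file, perm execute.
NEVERALLOWS = [
    (ATTRS["domain"] - {"untrusted_app", "shell"},
     ATTRS["data_file_type"] - EXEMPT_TARGETS),
    ({"system_server", "zygote"},
     ATTRS["data_file_type"] - {"dalvikcache_data_file"}),
]

def expand(name):
    """Expand an attribute to its member types; a plain type expands to itself."""
    return ATTRS.get(name, {name})

def violations(allow_rules):
    """Return sorted (source, target) pairs whose execute grant hits a neverallow."""
    hits = set()
    for src, tgt, cls, perms in allow_rules:
        if cls != "file" or "execute" not in perms:
            continue
        for s in expand(src):
            for t in expand(tgt):
                if any(s in ns and t in nt for ns, nt in NEVERALLOWS):
                    hits.add((s, t))
    return sorted(hits)

# Constructed allow rules: (source, target, class, permissions).
SAMPLE_ALLOWS = [
    ("untrusted_app", "app_data_file", "file", {"read", "execute"}),  # excluded source
    ("installd", "app_data_file", "file", {"execute"}),               # general rule hit
    ("system_server", "dalvikcache_data_file", "file", {"execute"}),  # permitted
    ("zygote", "exempt_exec_data_file", "file", {"execute"}),         # zygote rule hit
    ("installd", "system_data_file", "file", {"read"}),               # no execute
]

if __name__ == "__main__":
    for source, target in violations(SAMPLE_ALLOWS):
        print(f"neverallow violated: {source} {target}:file execute")
```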