    Ban core components from accessing vendor data types · 50563c03
    Jeff Vander Stoep authored
    Vendor and system components are only allowed to share files by
    passing open FDs over HIDL. Ban all directory access and all file
    accesses other than what can be applied to an open FD such as
    ioctl/stat/read/write/append.
    
    This commit asserts that core components marked with attribute
    coredomain may only access core data types marked with attribute
    core_data_file_type.
    
    A temporary exemption is granted to domains that currently rely on
    access.
    
    (cherry picked from commit cd97e710)
    
    Bug: 34980020
    Test: build Marlin policy
    Change-Id: I2f0442f2628fbac1f2f7aa5ddf2a13e16b2546cc
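
The constraint this commit message describes can be modelled as a check over allow rules. The following is an added example, not code from the commit or from the project's policy; the type names, attribute membership, exempt set and rules are constructed for illustration, and "stat" is mapped to SELinux's `getattr` permission.

```python
import re

# Permissions usable on an already-open FD, per the commit message
# (ioctl/stat/read/write/append); "stat" is SELinux's getattr permission.
FD_PERMS = {"ioctl", "getattr", "read", "write", "append"}

# Constructed attribute membership; every type name here is hypothetical.
ATTRS = {
    "coredomain": {"sys_daemon", "legacy_daemon"},
    "data_file_type": {"sys_data_file", "vnd_data_file"},
    "core_data_file_type": {"sys_data_file"},
}
EXEMPT = {"legacy_daemon"}  # stands in for the temporary exemptions

# Constructed allow rules, not taken from any real policy.
POLICY = """
allow sys_daemon sys_data_file:dir { search open read };
allow sys_daemon vnd_data_file:file { read write getattr };
allow sys_daemon vnd_data_file:file { open read };
allow sys_daemon vnd_data_file:dir { search };
allow legacy_daemon vnd_data_file:file { open read };
allow vnd_daemon vnd_data_file:dir { search };
"""

RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+\{([^}]*)\};")

def violations(policy, attrs=ATTRS, exempt=EXEMPT):
    """Return (source, target, class, offending perms) for each rule that
    gives a non-exempt core domain more than FD-level access to vendor data."""
    vendor_data = attrs["data_file_type"] - attrs["core_data_file_type"]
    found = []
    for src, tgt, cls, perms in RULE.findall(policy):
        if src not in attrs["coredomain"] or src in exempt:
            continue
        if tgt not in vendor_data:
            continue
        perms = set(perms.split())
        # Directories are banned outright; other classes only beyond FD_PERMS.
        bad = perms if cls == "dir" else perms - FD_PERMS
        if bad:
            found.append((src, tgt, cls, sorted(bad)))
    return found

if __name__ == "__main__":
    for v in violations(POLICY):
        print("violation:", v)
```

The rule granting only `read write getattr` passes because those permissions apply to a descriptor received from another process, while `open` and any directory permission require path-based access and are reported.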