system_server.te · b519949df150ebe4fc9bf3db52542bb5d9238d4e · Werner Sembach / AndroidSystemSEPolicy

Something went wrong on our end

10 years ago

b519949d

system_server: assert app data files never opened directly · b519949d

Nick Kralevich authored 10 years ago

Add a compile time assertion that app data files are never
directly opened by system_server. Instead, system_server always
expects files to be passed via file descriptors.

This neverallow rule will help prevent accidental regressions and
allow us to perform other security tightening, for example
bug 7208882 - Make an application's home directory 700

Bug: 7208882
Change-Id: I49c725982c4af0b8c76601b2a5a82a5c96df025d

b519949d

History

system_server: assert app data files never opened directly

Nick Kralevich authored 10 years ago

Add a compile time assertion that app data files are never
directly opened by system_server. Instead, system_server always
expects files to be passed via file descriptors.

This neverallow rule will help prevent accidental regressions and
allow us to perform other security tightening, for example
bug 7208882 - Make an application's home directory 700

Bug: 7208882
Change-Id: I49c725982c4af0b8c76601b2a5a82a5c96df025d