Something went wrong on our end
-
Stephen Smalley authoredThe system_server has duplicate/overlapping rules regarding /proc/pid access as well as a lack of clarity on the reason for the different rules. Deduplicate the rules and clarify the purpose of different sets of rules. Replace the rules granting /proc/pid access for all domains with specific rules only for domains that we know should be accessible by the system_server, i.e. all apps (appdomain) and the set of native processes listed in com.android.server.Watchdog.NATIVE_STACKS_OF_INTEREST. Change-Id: Idae6fc87e19e1700cdc4bdbde521d35caa046d74 Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>Stephen Smalley authoredThe system_server has duplicate/overlapping rules regarding /proc/pid access as well as a lack of clarity on the reason for the different rules. Deduplicate the rules and clarify the purpose of different sets of rules. Replace the rules granting /proc/pid access for all domains with specific rules only for domains that we know should be accessible by the system_server, i.e. all apps (appdomain) and the set of native processes listed in com.android.server.Watchdog.NATIVE_STACKS_OF_INTEREST. Change-Id: Idae6fc87e19e1700cdc4bdbde521d35caa046d74 Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>