Commit 0141ccd0 authored by Stephen Smalley's avatar Stephen Smalley Committed by repo sync

Remove unnecessary rules.


Redundant with other rules or not required for untrusted app.

Change-Id: Idb5d50326cc14696423cf133508c0d013c5928a6
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 0677cb2e
...@@ -23,20 +23,9 @@ allow appdomain file_type:dir_file_class_set getattr; ...@@ -23,20 +23,9 @@ allow appdomain file_type:dir_file_class_set getattr;
allow appdomain dev_type:dir_file_class_set getattr; allow appdomain dev_type:dir_file_class_set getattr;
allow appdomain fs_type:dir_file_class_set getattr; allow appdomain fs_type:dir_file_class_set getattr;
# Execute the shell or other system executables.
allow appdomain shell_exec:file rx_file_perms;
allow appdomain system_file:file rx_file_perms;
# Accesses to apk_tmp_file and shell_data_file
allow appdomain apk_tmp_file:file rw_file_perms;
allow appdomain shell_data_file:file r_file_perms;
# Read permission over link file to devices. # Read permission over link file to devices.
allow appdomain dev_type:lnk_file read; allow appdomain dev_type:lnk_file read;
# Read routing information.
allow netdomain self:netlink_route_socket { create read write nlmsg_read };
# Tries to open /dev/alarm for writing but expects failure. # Tries to open /dev/alarm for writing but expects failure.
dontaudit appdomain alarm_device:chr_file write; dontaudit appdomain alarm_device:chr_file write;
......