Skip to content
Snippets Groups Projects
Commit 0b943202 authored by Sandeep Patil's avatar Sandeep Patil
Browse files

Do not allow priv_apps to scan all exec files 


Bug: 36463595
Test: sailfish boots without new denials

Change-Id: I4271a293b91ab262dddd4d40220cd7daaff53bf2
Signed-off-by: default avatarSandeep Patil <sspatil@google.com>
(cherry picked from commit b2586825e1ce92d637754b4c40e4d5edfd50a1a6)
parent 46f9c124
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 3 deletions
private/priv_app.te
+ 0
3
View file @ 0b943202
...@@ -72,9 +72,6 @@ userdebug_or_eng(` ...@@ -72,9 +72,6 @@ userdebug_or_eng(`
allow priv_app perfprofd_data_file:dir r_dir_perms; allow priv_app perfprofd_data_file:dir r_dir_perms;
') ')
# Allow GMS core to scan executables on the system partition
allow priv_app exec_type:file { getattr read open };
# For AppFuse. # For AppFuse.
allow priv_app vold:fd use; allow priv_app vold:fd use;
allow priv_app fuse_device:chr_file { read write }; allow priv_app fuse_device:chr_file { read write };
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment