Skip to content
Snippets Groups Projects
Commit 2fbdcaff authored by Sandeep Patil's avatar Sandeep Patil Committed by android-build-merger
Browse files

Merge "Do not allow untrusted apps any access to kernel configuration" into oc-dev am: 393c8e94 

am: 061174fb

Change-Id: I1fe506afa092c58d73310f5373cc9ae953477587
parents 1e56e95e 061174fb
Branches
Tags
No related merge requests found
Show whitespace changes
Inline Side-by-side
private/app_neverallows.te
+ 3
0
View file @ 2fbdcaff
...@@ -98,6 +98,9 @@ neverallow all_untrusted_apps anr_data_file:dir ~search; ...@@ -98,6 +98,9 @@ neverallow all_untrusted_apps anr_data_file:dir ~search;
# Create a more specific label if needed # Create a more specific label if needed
neverallow all_untrusted_apps proc:file { no_rw_file_perms no_x_file_perms }; neverallow all_untrusted_apps proc:file { no_rw_file_perms no_x_file_perms };
# Avoid all access to kernel configuration
neverallow all_untrusted_apps config_gz:file { no_rw_file_perms no_x_file_perms };
# Do not allow untrusted apps access to preloads data files # Do not allow untrusted apps access to preloads data files
neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms; neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment