Skip to content
Snippets Groups Projects
Commit 334e0970 authored by Robin Lee's avatar Robin Lee
Browse files

Revoke zygote's read permission on keychain data 

Classes which statically read these files are no longer preloaded.

Bug: 18013422
Change-Id: Iafd127eff2ba95266f49f8d7c70bc9dd11624df4
parent b2b8f206
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 3 deletions
zygote.te
+ 0
3
View file @ 334e0970
...@@ -21,9 +21,6 @@ allow zygote appdomain:process { getpgid setpgid }; ...@@ -21,9 +21,6 @@ allow zygote appdomain:process { getpgid setpgid };
# Read system data. # Read system data.
allow zygote system_data_file:dir r_dir_perms; allow zygote system_data_file:dir r_dir_perms;
allow zygote system_data_file:file r_file_perms; allow zygote system_data_file:file r_file_perms;
# Read system security data.
allow zygote keychain_data_file:dir r_dir_perms;
allow zygote keychain_data_file:file r_file_perms;
# Write to /data/dalvik-cache. # Write to /data/dalvik-cache.
allow zygote dalvikcache_data_file:dir create_dir_perms; allow zygote dalvikcache_data_file:dir create_dir_perms;
allow zygote dalvikcache_data_file:file create_file_perms; allow zygote dalvikcache_data_file:file create_file_perms;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment