Skip to content
Snippets Groups Projects
Commit 35836f5e authored by Alex Klyubin's avatar Alex Klyubin Committed by android-build-merger
Browse files

Merge "Assert untrusted apps can't add or list hwservicemanager" into oc-dev am: f84989e5 

am: 3b130767

Change-Id: Ia3b0df9ebc90548e75ee0d416ae15360feb3cd41
parents 1928c5ea 3b130767
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
private/app_neverallows.te
+ 4
0
View file @ 35836f5e
...@@ -108,6 +108,10 @@ neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms; ...@@ -108,6 +108,10 @@ neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
# against privileged system components # against privileged system components
neverallow all_untrusted_apps system_file:file lock; neverallow all_untrusted_apps system_file:file lock;
# Do not permit untrusted apps to perform actions on HwBinder service_manager
# other than find actions for services listed below
neverallow all_untrusted_apps *:hwservice_manager ~find;
# Do not permit access from apps which host arbitrary code to HwBinder services, # Do not permit access from apps which host arbitrary code to HwBinder services,
# except those considered sufficiently safe for access from such apps. # except those considered sufficiently safe for access from such apps.
# The two main reasons for this are: # The two main reasons for this are:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment