Skip to content
Snippets Groups Projects
Commit 35836f5e authored by Alex Klyubin's avatar Alex Klyubin Committed by android-build-merger
Browse files

Merge "Assert untrusted apps can't add or list hwservicemanager" into oc-dev am: f84989e5

am: 3b130767

Change-Id: Ia3b0df9ebc90548e75ee0d416ae15360feb3cd41
parents 1928c5ea 3b130767
No related branches found
No related tags found
No related merge requests found
......@@ -108,6 +108,10 @@ neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
# against privileged system components
neverallow all_untrusted_apps system_file:file lock;
# Do not permit untrusted apps to perform actions on HwBinder service_manager
# other than find actions for services listed below
neverallow all_untrusted_apps *:hwservice_manager ~find;
# Do not permit access from apps which host arbitrary code to HwBinder services,
# except those considered sufficiently safe for access from such apps.
# The two main reasons for this are:
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment