am e96c3abe: Add neverallow for mounting on proc

* commit 'e96c3abe': Add neverallow for mounting on proc

am e96c3abe: Add neverallow for mounting on proc
38885bc4 · dcashman · Android Git Automerger · 2e9e13d4 · e96c3abe · 38885bc4
Commit 38885bc4 authored 10 years ago by dcashman Committed by Android Git Automerger 10 years ago
--- a/domain.te
+++ b/domain.te
@@ -397,3 +397,5 @@ neverallow domain {
 # TODO: prohibit non-zygote spawned processes from using shared libraries
 # with text relocations. b/20013628 .
 # neverallow { domain -appdomain } file_type:file execmod;
+neverallow { domain -init } proc:{ file dir } mounton;