Skip to content
Snippets Groups Projects
Commit 437f7139 authored by Nick Kralevich's avatar Nick Kralevich Committed by Android Git Automerger
Browse files

am 361cdaff: system_server: neverallow dex2oat exec 

* commit '361cdaff':
  system_server: neverallow dex2oat exec
parents 6cfd9d13 361cdaff
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 0 deletions
system_server.te
+ 6
0
View file @ 437f7139
...@@ -485,3 +485,9 @@ neverallow system_server sdcard_type:file rw_file_perms; ...@@ -485,3 +485,9 @@ neverallow system_server sdcard_type:file rw_file_perms;
# Types extracted from seapp_contexts type= fields, excluding # Types extracted from seapp_contexts type= fields, excluding
# those types that system_server needs to open directly. # those types that system_server needs to open directly.
neverallow system_server { bluetooth_data_file nfc_data_file shell_data_file app_data_file }:file open; neverallow system_server { bluetooth_data_file nfc_data_file shell_data_file app_data_file }:file open;
# system_server should never be executing dex2oat. This is either
# a bug (for example, bug 16317188), or represents an attempt by
# system server to dynamically load a dex file, something we do not
# want to allow.
neverallow system_server dex2oat_exec:file no_x_file_perms;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment