Skip to content
Snippets Groups Projects
Commit 5328d974 authored by Stephen Smalley's avatar Stephen Smalley
Browse files

neverallow PROT_EXEC stack or heap. 


Despite removing these from AOSP policy they seem to still be
present in device policies.  Prohibit them via neverallow.

We would also like to minimize execmem to only app domains
and others using ART, but that will first require eliminating it
from device-specific service domains (which may only have it
due to prior incorrect handling of text relocations).

Change-Id: Id1f49566779d9877835497d8ec7537abafadadc4
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 9c7570ef
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 5 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment