Commit 66344009 authored by Jeff Vander Stoep

Enforce restrictions on kernel module origin

(cherry picked from AOSP 163c8a006b87cae0217fd9dafdaec5271f1d795b)

Do not allow module loading except from the system, vendor,
and boot partitions.

Bug: 27824855
Change-Id: Ifc012e47c5677190c7cc564f9d48af8c7d0982e1
parent 182c4f31
......@@ -560,3 +560,8 @@ neverallow {
-installd
-profman
} profman_exec:file no_x_file_perms;
# Enforce restrictions on kernel module origin.
# Do not allow kernel module loading except from system,
# vendor, and boot partitions.
neverallow * ~{ system_file rootfs }:system module_load;
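
Review bot: The comment above the new neverallow names the system, vendor, and boot partitions, but the exempted set in the rule lists only two types, system_file and rootfs, so it is not clear from these lines which type is meant to cover vendor. Suggest extending the comment to map each partition to the label its modules are expected to carry, so the comment and the type set can be checked against each other if vendor files are ever given their own type.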