Skip to content
Snippets Groups Projects
Commit 714ee5f2 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

Ensure only com.android.shell can run in the shell domain. 

Don't allow apps to run with uid=shell or selinux domain=shell unless
the package is com.android.shell.

Add a neverallow assertion (compile time assertion + CTS test) to ensure
no regressions.

Bug: 68032516
Test: policy compiles, device boots, and no obvious problems.
Change-Id: Ic6600fa5608bfbdd41ff53840d904f97d17d6731
parent 2ecdfb49
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 5 additions and 1 deletion
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment