Commit 73b4f9d8 authored by Jeff Vander Stoep, committed by android-build-merger

do not enforce neverallow on CAP_SYS_RAWIO on debug builds

am: 7141f105

* commit '7141f105':
  do not enforce neverallow on CAP_SYS_RAWIO on debug builds

Change-Id: I4ec1380ca50c7ec9c06480d86075fde8940103cf
parents 0959aa67 7141f105
...@@ -165,8 +165,19 @@ neverallow { ...@@ -165,8 +165,19 @@ neverallow {
-vold -vold
} self:capability mknod; } self:capability mknod;
# Limit raw I/O to these whitelisted domains. # Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -uncrypt -tee } self:capability sys_rawio; neverallow {
domain
userdebug_or_eng(`-domain')
-kernel
-init
-recovery
-ueventd
-watchdogd
-healthd
-uncrypt
-tee
} self:capability sys_rawio;
# No process can map low memory (< CONFIG_LSM_MMAP_MIN_ADDR). # No process can map low memory (< CONFIG_LSM_MMAP_MIN_ADDR).
neverallow * self:memprotect mmap_zero; neverallow * self:memprotect mmap_zero;
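
Review bot: On userdebug and eng builds the sys_rawio neverallow ends up with an empty source set, because the added userdebug_or_eng(`-domain') line subtracts every type in domain, so the whitelist that follows it (-kernel, -init, -recovery, ...) is only checked on user builds. A policy change that grants sys_rawio to an unintended domain would pass on debug builds and surface only when a user build is compiled. If only particular debug-only domains need raw I/O, subtract those types inside userdebug_or_eng() instead of -domain, so the rest of the whitelist stays enforced on every build variant. The updated comment says "Do not apply to debug builds" without giving the reason; one line naming what needs CAP_SYS_RAWIO on debug builds would help whoever revisits this exception.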