Skip to content
Snippets Groups Projects
Commit 7c7cd736 authored by Nick Kralevich's avatar Nick Kralevich Committed by android-build-merger
Browse files

Make sure neverallow rules also cover other property types 

am: 4432c635

* commit '4432c635':
  Make sure neverallow rules also cover other property types

Change-Id: I350a35b7d5cfc99cf736a83eb0efef6f6a2635fe
parents 7cb08dd7 4432c635
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 1 deletion
domain.te
+ 4
1
View file @ 7c7cd736
......@@ -271,9 +271,12 @@ neverallow {
neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
# Only the init property service should write to /data/property.
# Only the init property service should write to /data/property and /dev/__properties__
neverallow { domain -init } property_data_file:dir no_w_dir_perms;
neverallow { domain -init } property_data_file:file no_w_file_perms;
neverallow { domain -init } property_type:file no_w_file_perms;
neverallow { domain -init } properties_device:file no_w_file_perms;
neverallow { domain -init } properties_serial:file no_w_file_perms;
# Only recovery should be doing writes to /system
neverallow { domain -recovery } { system_file exec_type }:dir_file_class_set
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment