Skip to content
Snippets Groups Projects
Commit 7fef6182 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by android-build-merger
Browse files

Merge "Enforce restrictions on kernel module origin"

am: 3541843a

* commit '3541843a':
  Enforce restrictions on kernel module origin

Change-Id: I6ad045e20492577211e4d0bb35b83f19e4e93c82
parents f1b63dcc 3541843a
No related branches found
No related tags found
No related merge requests found
...@@ -545,3 +545,8 @@ neverallow { ...@@ -545,3 +545,8 @@ neverallow {
-ueventd -ueventd
-vold -vold
} fuse_device:chr_file *; } fuse_device:chr_file *;
# Enforce restrictions on kernel module origin.
# Do not allow kernel module loading except from system,
# vendor, and boot partitions.
neverallow * ~{ system_file rootfs }:system module_load;
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment