Skip to content
Snippets Groups Projects
Commit 917cf072 authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Fixup neverallow rule"

parents 8dabc2ce 2ec15e5b
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
private/system_server.te
+ 2
5
View file @ 917cf072
...@@ -758,11 +758,8 @@ neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock ...@@ -758,11 +758,8 @@ neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock
neverallow system_server dex2oat_exec:file no_x_file_perms; neverallow system_server dex2oat_exec:file no_x_file_perms;
# system_server should never execute or load executable shared libraries # system_server should never execute or load executable shared libraries
# in /data except for /data/dalvik-cache files. # in /data
neverallow system_server { neverallow system_server data_file_type:file no_x_file_perms;
data_file_type
-dalvikcache_data_file #mapping with PROT_EXEC
}:file no_x_file_perms;
# The only block device system_server should be accessing is # The only block device system_server should be accessing is
# the frp_block_device. This helps avoid a system_server to root # the frp_block_device. This helps avoid a system_server to root
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment