Skip to content
Snippets Groups Projects
Commit 9935362c authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Hide some denials."

parents 7fe796a0 d93ef542
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
private/untrusted_app_all.te
+ 9
0
View file @ 9935362c
...@@ -124,3 +124,12 @@ unix_socket_connect(untrusted_app_all, traced_producer, traced) ...@@ -124,3 +124,12 @@ unix_socket_connect(untrusted_app_all, traced_producer, traced)
# allow untrusted apps to use UDP sockets provided by the system server but not # allow untrusted apps to use UDP sockets provided by the system server but not
# modify them other than to connect # modify them other than to connect
allow untrusted_app_all system_server:udp_socket { connect getattr read recvfrom sendto write }; allow untrusted_app_all system_server:udp_socket { connect getattr read recvfrom sendto write };
# This is allowed for targetSdkVersion <= 25 but disallowed on newer versions.
dontaudit untrusted_app_all net_dns_prop:file read;
# These have been disallowed since Android O.
# For P, we assume that apps are safely handling the denial.
dontaudit untrusted_app_all proc_stat:file read;
dontaudit untrusted_app_all proc_vmstat:file read;
dontaudit untrusted_app_all proc_uptime:file read;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment