Skip to content
Snippets Groups Projects
Commit 99aa03dc authored by Nick Kralevich's avatar Nick Kralevich
Browse files

assert that no domain can set default properties 

Add a neverallow rule (compile time assertion) that no SELinux domain
other than init can set default_prop. default_prop is assigned to a
property when no more specific label exists for that property.

This ensures that all properties are labeled properly, and that
no-one (other than init) gets access to unknown properties.

Change-Id: If279960f23737e263d4d1b5face7b5c49cda7ae7
parent 65feafce
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment