Skip to content
Snippets Groups Projects
Commit 99d86c7a authored by Nick Kralevich's avatar Nick Kralevich
Browse files

ensure that untrusted_app can't set properties 

Bug: 10243159
Change-Id: I9409fe8898c446a33515f1bee2990f36a2e11535
parent 5d60f04e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 0 deletions
untrusted_app.te
+ 6
0
View file @ 99d86c7a
...@@ -76,3 +76,9 @@ neverallow untrusted_app debugfs:file read; ...@@ -76,3 +76,9 @@ neverallow untrusted_app debugfs:file read;
# Only trusted components of Android should be registering # Only trusted components of Android should be registering
# services. # services.
neverallow untrusted_app service_manager_type:service_manager add; neverallow untrusted_app service_manager_type:service_manager add;
# Don't allow untrusted_apps to connect to the property service
# or set properties. b/10243159
neverallow untrusted_app property_socket:sock_file write;
neverallow untrusted_app init:unix_stream_socket connectto;
neverallow untrusted_app property_type:property_service set;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment