Skip to content
Snippets Groups Projects
Commit 9df0fa86 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by android-build-merger
Browse files

Merge "kernel: neverallow dac_{override,read_search} perms" am: eb036bd0 

am: 697ec733

Change-Id: Id2967fd71dfcd2576bc13416d8685e6602be2810
parents f1e9f7eb 697ec733
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 5 additions and 0 deletions
public/kernel.te
+ 5
0
View file @ 9df0fa86
......@@ -90,3 +90,8 @@ neverallow * kernel:process { transition dyntransition };
# - You are running an exploit which switched to the init task credentials
# and is then trying to exec a shell or other program. You lose!
neverallow kernel *:file { entrypoint execute_no_trans };
# the kernel should not be accessing files owned by other users.
# Instead of adding dac_{read_search,override}, fix the unix permissions
# on files being accessed.
neverallow kernel self:capability { dac_override dac_read_search };
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment