Commit b081cc1e authored 11 years ago by Stephen Smalley Committed by Nick Kralevich 11 years ago

Remove mount-related permissions from unconfined domains.


Only allow to specific domains as required, and add a neverallow
to prevent allowing it to other domains not explicitly whitelisted.
sdcard_type is exempted from the neverallow since more domains
require the ability to mount it, including device-specific domains.

Change-Id: Ia6476d1c877f5ead250749fb12bff863be5e9f27
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

parent 48b18832

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 8 additions and 1 deletion

Please register or to comment