Skip to content
Snippets Groups Projects
Commit b46c47fe authored by dcashman's avatar dcashman Committed by Android Git Automerger
Browse files

am b4585e37: am 10ecd05d: Add neverallow rule for set_context_mgr. 

* commit 'b4585e37':
  Add neverallow rule for set_context_mgr.
parents 433f2af5 b4585e37
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
domain.te
+ 3
0
View file @ b46c47fe
......@@ -329,3 +329,6 @@ neverallow { domain -recovery } system_block_device:blk_file write;
# No domains other than install_recovery or recovery can write to recovery.
neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file write;
# Only servicemanager should be able to register with binder as the context manager
neverallow { domain -servicemanager } *:binder set_context_mgr;
unconfined.te
+ 1
1
View file @ b46c47fe
......@@ -90,4 +90,4 @@ allow unconfineddomain contextmount_type:notdevfile_class_set r_file_perms;
allow unconfineddomain node_type:node *;
allow unconfineddomain netif_type:netif *;
allow unconfineddomain domain:peer recv;
allow unconfineddomain { domain -init }:binder { call transfer set_context_mgr };
allow unconfineddomain { domain -init }:binder { call transfer };
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment