Skip to content
Snippets Groups Projects
Commit b519949d authored by Nick Kralevich's avatar Nick Kralevich
Browse files

system_server: assert app data files never opened directly 

Add a compile time assertion that app data files are never
directly opened by system_server. Instead, system_server always
expects files to be passed via file descriptors.

This neverallow rule will help prevent accidental regressions and
allow us to perform other security tightening, for example
bug 7208882 - Make an application's home directory 700

Bug: 7208882
Change-Id: I49c725982c4af0b8c76601b2a5a82a5c96df025d
parent 46f3ce87
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 7 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment