Skip to content
Snippets Groups Projects
Commit c0c035d7 authored by Alex Klyubin's avatar Alex Klyubin Committed by android-build-merger
Browse files

Merge "Loosen system app data neverallows" into oc-dev am: ad2e6166 

am: 0aa47bbf

Change-Id: Ib7a276a08b416c772eaf8fbc5d64f16cd08006da
parents dff4e63f 0aa47bbf
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 8 additions and 1 deletion
public/domain.te
+ 8
1
View file @ c0c035d7
...@@ -656,10 +656,17 @@ neverallow installd system_data_file:file ~{ r_file_perms relabelfrom unlink }; ...@@ -656,10 +656,17 @@ neverallow installd system_data_file:file ~{ r_file_perms relabelfrom unlink };
# respect system_app sandboxes # respect system_app sandboxes
neverallow { neverallow {
domain domain
-system_app # its own sandbox -appdomain # finer-grained rules for appdomain are listed below
-system_server #populate com.android.providers.settings/databases/settings.db. -system_server #populate com.android.providers.settings/databases/settings.db.
-installd # creation of app sandbox -installd # creation of app sandbox
} system_app_data_file:dir_file_class_set { create unlink open }; } system_app_data_file:dir_file_class_set { create unlink open };
neverallow {
isolated_app
untrusted_app_all # finer-grained rules for appdomain are listed below
ephemeral_app
priv_app
} system_app_data_file:dir_file_class_set { create unlink open };
# Services should respect app sandboxes # Services should respect app sandboxes
neverallow { neverallow {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment