Skip to content
Snippets Groups Projects
Commit c1812181 authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Deduplicate and rationalize system_server /proc/pid access. 


The system_server has duplicate/overlapping rules regarding
/proc/pid access as well as a lack of clarity on the reason
for the different rules.  Deduplicate the rules and clarify
the purpose of different sets of rules.

Replace the rules granting /proc/pid access for all domains with
specific rules only for domains that we know should be accessible
by the system_server, i.e. all apps (appdomain) and the set of
native processes listed in com.android.server.Watchdog.NATIVE_STACKS_OF_INTEREST.

Change-Id: Idae6fc87e19e1700cdc4bdbde521d35caa046d74
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent d9d9d2f4
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 8 additions and 12 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment