Skip to content
Snippets Groups Projects
Commit cb23ca92 authored by Stephen Smalley's avatar Stephen Smalley Committed by Nick Kralevich
Browse files

Remove domain unlabeled access. 

https://android-review.googlesource.com/#/c/95900/

 added
allow rules for unlabeled access as needed to all confined
domains.  Therefore we can remove it from domain.  The only
other domain that truly needs unlabeled access is init, which
presently inherits it from unconfineddomain.

Also prevent rules that would permit any confined domain from
creating new unlabeled files on the system.

Change-Id: I31c6478b42fbf60e3b7893b9578b6ad50170def6
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 6f6c4255
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 21 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment