Tighten restrictions on core <-> vendor socket comms
This futher restricts neverallows for sockets which may be exposed as filesystem nodes. This is achieved by labelling all such sockets created by core/non-vendor domains using the new coredomain_socket attribute, and then adding neverallow rules targeting that attribute. This has now effect on what domains are permitted to do. This only changes neverallow rules. Test: mmm system/sepolicy Bug: 36577153 Change-Id: I633163cf67d60677c4725b754e01097dd5790aed
Showing
- private/drmserver.te 2 additions, 0 deletionsprivate/drmserver.te
- private/system_server.te 6 additions, 0 deletionsprivate/system_server.te
- private/wificond.te 3 additions, 0 deletionsprivate/wificond.te
- public/attributes 3 additions, 0 deletionspublic/attributes
- public/domain.te 36 additions, 0 deletionspublic/domain.te
- public/file.te 25 additions, 25 deletionspublic/file.te
- vendor/hal_nfc_default.te 3 additions, 1 deletionvendor/hal_nfc_default.te
Loading
Please register or sign in to comment