Skip to content
Snippets Groups Projects
Commit dd9df723 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by android-build-merger
Browse files

Allow AOSP processes to read pm_prop am: 0f5ad4e5 am: 21ce3450 

am: 4eb9687f

Change-Id: I4b31f1067f7e845afce4d1cf6c77176d2b97ff4b
parents d7679834 4eb9687f
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
private/coredomain.te 0 → 100644
+ 1
0
View file @ dd9df723
get_prop(coredomain, pm_prop)
public/domain.te
+ 4
0
View file @ dd9df723
...@@ -450,6 +450,10 @@ neverallow * hidl_base_hwservice:hwservice_manager find; ...@@ -450,6 +450,10 @@ neverallow * hidl_base_hwservice:hwservice_manager find;
neverallow { domain -init } default_prop:property_service set; neverallow { domain -init } default_prop:property_service set;
neverallow { domain -init } mmc_prop:property_service set; neverallow { domain -init } mmc_prop:property_service set;
# Only core domains are allowed to access package_manager properties
neverallow { domain -init -system_server } pm_prop:property_service set;
neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
# Do not allow reading device's serial number from system properties except form # Do not allow reading device's serial number from system properties except form
# a few whitelisted domains. # a few whitelisted domains.
neverallow { neverallow {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment