Skip to content
Snippets Groups Projects
Commit df48bd2c authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Remove zygote write access to system_data_file. 


These rules seem to be a legacy of old Android or perhaps old policy
before we began splitting types on /data.  I have not been able to
trigger the auditallow rules on AOSP master.  Reduce the rules to
only read access to system data.  If we need write access to some
specific directory under /data, we should introduce a type for it.

Change-Id: I780835950cc366c97b7d0901fc73527d9ea479b1
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent f78fb4e0
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 5 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment