Skip to content
Snippets Groups Projects
Commit df80ebd9 authored by William Roberts's avatar William Roberts Committed by Android Git Automerger
Browse files

am d0919ec2: assert: do not allow raw access to generic block_device 

* commit 'd0919ec2':
  assert: do not allow raw access to generic block_device
parents b4f8d095 d0919ec2
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 0 deletions
domain.te
+ 4
0
View file @ df80ebd9
...@@ -183,3 +183,7 @@ neverallow domain init:process ptrace; ...@@ -183,3 +183,7 @@ neverallow domain init:process ptrace;
# Init can't receive binder calls. If this neverallow rule is being # Init can't receive binder calls. If this neverallow rule is being
# triggered, it's probably due to a service with no SELinux domain. # triggered, it's probably due to a service with no SELinux domain.
neverallow domain init:binder call; neverallow domain init:binder call;
# Don't allow raw read/write/open access to block_device
# Rather force a relabel to a more specific type
neverallow { domain -unconfineddomain -vold } block_device:blk_file { open read write };
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment