Commit e288cfa1 authored by Nick Kralevich's avatar Nick Kralevich Committed by Gerrit Code Review

Merge "su.te: drop domain_deprecated and app auditallow rules."

parents 1bd0712e 0af2aa0b
...@@ -219,8 +219,8 @@ selinux_check_access(appdomain) ...@@ -219,8 +219,8 @@ selinux_check_access(appdomain)
selinux_check_context(appdomain) selinux_check_context(appdomain)
# appdomain should not be accessing information on /sys # appdomain should not be accessing information on /sys
auditallow appdomain sysfs:dir { open getattr read ioctl }; auditallow { appdomain userdebug_or_eng(`-su') } sysfs:dir { open getattr read ioctl };
auditallow appdomain sysfs:file r_file_perms; auditallow { appdomain userdebug_or_eng(`-su') } sysfs:file r_file_perms;
### ###
### Neverallow rules ### Neverallow rules
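Review bot: The comment above the two sysfs auditallow rules still says only "appdomain should not be accessing information on /sys", but the new rules exempt su on userdebug/eng builds and nothing next to them records why. Because userdebug_or_eng() expands to nothing on -user builds, the source set there is plain appdomain and auditing is unchanged; on debug builds, sysfs reads made from the su domain are no longer logged by these rules. I would add a line such as `# su is excluded on userdebug/eng: it is a debugging domain and its sysfs access is not what this audit is tracking.` so a later reader does not mistake the exclusion for a gap. The rationale is presumably that su carries the appdomain attribute and would otherwise flood the audit log, but that assignment is not visible in this section, so confirm it before wording the comment.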
......
...@@ -5,7 +5,7 @@ userdebug_or_eng(` ...@@ -5,7 +5,7 @@ userdebug_or_eng(`
# Domain used for su processes, as well as for adbd and adb shell # Domain used for su processes, as well as for adbd and adb shell
# after performing an adb root command. The domain definition is # after performing an adb root command. The domain definition is
# wrapped to ensure that it does not exist at all on -user builds. # wrapped to ensure that it does not exist at all on -user builds.
type su, domain, domain_deprecated, mlstrustedsubject; type su, domain, mlstrustedsubject;
domain_auto_trans(shell, su_exec, su) domain_auto_trans(shell, su_exec, su)
# Allow dumpstate to call su on userdebug / eng builds to collect # Allow dumpstate to call su on userdebug / eng builds to collect
......