Skip to content
Snippets Groups Projects
Commit f84989e5 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review
Browse files

Merge "Assert untrusted apps can't add or list hwservicemanager" into oc-dev

parents e5f4d874 5c5b6263
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
private/app_neverallows.te
+ 4
0
View file @ f84989e5
...@@ -108,6 +108,10 @@ neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms; ...@@ -108,6 +108,10 @@ neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
# against privileged system components # against privileged system components
neverallow all_untrusted_apps system_file:file lock; neverallow all_untrusted_apps system_file:file lock;
# Do not permit untrusted apps to perform actions on HwBinder service_manager
# other than find actions for services listed below
neverallow all_untrusted_apps *:hwservice_manager ~find;
# Do not permit access from apps which host arbitrary code to HwBinder services, # Do not permit access from apps which host arbitrary code to HwBinder services,
# except those considered sufficiently safe for access from such apps. # except those considered sufficiently safe for access from such apps.
# The two main reasons for this are: # The two main reasons for this are:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment