Skip to content
Snippets Groups Projects
Commit fd47d021 authored by Nick Kralevich's avatar Nick Kralevich Committed by Android (Google) Code Review
Browse files

Merge "Remove recovery from mknod neverallow rule"

parents 4d9c99d1 98a2f7fe
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 1 addition and 1 deletion
domain.te
+ 1
1
View file @ fd47d021
...@@ -185,7 +185,7 @@ neverallow { ...@@ -185,7 +185,7 @@ neverallow {
} self:capability sys_ptrace; } self:capability sys_ptrace;
# Limit device node creation to these whitelisted domains. # Limit device node creation to these whitelisted domains.
neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt -slideshow } self:capability mknod; neverallow { domain -kernel -init -ueventd -watchdogd -healthd -vold -uncrypt -slideshow } self:capability mknod;
# Limit raw I/O to these whitelisted domains. # Limit raw I/O to these whitelisted domains.
neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt -tee } self:capability sys_rawio; neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt -tee } self:capability sys_rawio;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment