tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Do not allow untrusted apps any access to kernel configuration" into oc-dev

Browse source 
am: 393c8e9438

Change-Id: I82e1a41e1bd5c9195b5c4c21e7aa0848bc270ee5
This commit is contained in:
Sandeep Patil 2017-04-21 20:31:07 +00:00 committed by android-build-merger
commit 061174fb23
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
private/app_neverallows.te
View file

@ -98,6 +98,9 @@ neverallow all_untrusted_apps anr_data_file:dir ~search;
# Create a more specific label if needed
neverallow all_untrusted_apps proc:file { no_rw_file_perms no_x_file_perms };
# Avoid all access to kernel configuration
neverallow all_untrusted_apps config_gz:file { no_rw_file_perms no_x_file_perms };
# Do not allow untrusted apps access to preloads data files
neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;