tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Prevent sandbox executing from sdk_sandbox_data_file

Browse source 
Bug: 215105355
Test: make
Change-Id: I73c6a0d5034f194bf7149336fdac1db51a2b151d
This commit is contained in:
Bram Bonne 2022-04-25 13:28:52 +02:00
parent 34423ff138
commit 078b43cd40
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
private/sdk_sandbox.te
View file

@ -47,7 +47,7 @@ allow sdk_sandbox sdk_sandbox_data_file:file create_file_perms;
### neverallow rules
###
neverallow sdk_sandbox { app_data_file privapp_data_file }:file { execute execute_no_trans };
neverallow sdk_sandbox { app_data_file privapp_data_file sdk_sandbox_data_file }:file { execute execute_no_trans };
# Receive or send uevent messages.
neverallow sdk_sandbox domain:netlink_kobject_uevent_socket *;