tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

strengthen vendor_file neverallows

Browse source 
no writing to vendor_file_type is the intention
here, but they only restricted vendor_file.

Bug: 281877578
Test: build (neverallow only change)

Change-Id: Ic5459dcd420ee24bad8310a587a0b9b1cc5b966a
This commit is contained in:
Steven Moreland 2023-05-18 00:05:24 +00:00
parent 9c2a5cf0c9
commit 07e0430bd0
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
private/heapprofd.te
View file

@ -70,5 +70,6 @@ never_profile_heap(`{
}') }')
full_treble_only(` full_treble_only(`
neverallow heapprofd vendor_file:file { no_w_file_perms no_x_file_perms }; neverallow heapprofd vendor_file_type:file no_w_file_perms;
neverallow heapprofd { vendor_file_type -vndk_sp_file }:file no_x_file_perms;
') ')