Do not allow priv_apps to scan all exec files
Bug: 36463595 Test: sailfish boots without new denials Change-Id: I4271a293b91ab262dddd4d40220cd7daaff53bf2 Signed-off-by: Sandeep Patil <sspatil@google.com> (cherry picked from commit b2586825e1ce92d637754b4c40e4d5edfd50a1a6)
This commit is contained in:
Sandeep Patil
parent
46f9c124b4
commit
0b9432023d
1 changed files with 0 additions and 3 deletions
|
|
@ -72,9 +72,6 @@ userdebug_or_eng(`
|
|||
allow priv_app perfprofd_data_file:dir r_dir_perms;
|
||||
')
|
||||
|
||||
# Allow GMS core to scan executables on the system partition
|
||||
allow priv_app exec_type:file { getattr read open };
|
||||
|
||||
# For AppFuse.
|
||||
allow priv_app vold:fd use;
|
||||
allow priv_app fuse_device:chr_file { read write };
|
||||
|
|
|
|||
Loading…
Reference in a new issue