Merge "Restrict system_server_startup domain" am: 825936c473 am: 5607594999
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1903593 Change-Id: Ia71c9605871faf108c4c9f34f79d90be4f5656c1
This commit is contained in:
Treehugger Robot
Automerger Merge Worker
commit
137cf89a16
1 changed files with 3 additions and 1 deletions
|
|
@ -99,9 +99,11 @@
|
|||
# inputs are matched on a key value rule line.
|
||||
#
|
||||
|
||||
# only the system server can be in system_server domain
|
||||
# only the system server can be assigned the system_server domains
|
||||
neverallow isSystemServer=false domain=system_server
|
||||
neverallow isSystemServer=false domain=system_server_startup
|
||||
neverallow isSystemServer="" domain=system_server
|
||||
neverallow isSystemServer="" domain=system_server_startup
|
||||
|
||||
# system domains should never be assigned outside of system uid
|
||||
neverallow user=((?!system).)* domain=system_app
|
||||
|
|
|
|||
Loading…
Reference in a new issue