Merge "Allow CTS DeviceInfo to read VAB prop." am: ef663f6cf5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1576751 MUST ONLY BE SUBMITTED BY AUTOMERGER Change-Id: I68db59c9738b2f7b275391ef148e97aebc698773
This commit is contained in:
Yifan Hong
Automerger Merge Worker
commit
2005aaa721
1 changed files with 4 additions and 0 deletions
|
|
@ -71,6 +71,9 @@ allow appdomain font_data_file:dir r_dir_perms;
|
|||
allow appdomain { apex_art_data_file apex_module_data_file }:dir search;
|
||||
allow appdomain apex_art_data_file:file r_file_perms;
|
||||
|
||||
# Allow APFE device info to read Virtual A/B props.
|
||||
get_prop(appdomain, virtual_ab_prop)
|
||||
|
||||
# Sensitive app domains are not allowed to execute from /data
|
||||
# to prevent persistence attacks and ensure all code is executed
|
||||
# from read-only locations.
|
||||
|
|
@ -88,3 +91,4 @@ neverallow {
|
|||
-system_data_file # shared libs in apks
|
||||
-apk_data_file
|
||||
}:file no_x_file_perms;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue