am e96c3abe: Add neverallow for mounting on proc

* commit 'e96c3abe2e86f3ecdfdb7770629e9f73ff1e96d1': Add neverallow for mounting on proc
2015-04-14 19:02:31 +00:00 · 2015-04-14 19:02:31 +00:00 · 38885bc47a
commit 38885bc47a
parent 2e9e13d468 e96c3abe2e
1 changed files with 2 additions and 0 deletions
--- a/domain.te
+++ b/domain.te
@ -397,3 +397,5 @@ neverallow domain {
 # TODO: prohibit non-zygote spawned processes from using shared libraries
 # with text relocations. b/20013628 .
 # neverallow { domain -appdomain } file_type:file execmod;
+
+neverallow { domain -init } proc:{ file dir } mounton;