tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "exclude su from app auditallow" am: 747c69f43c

Browse source 
am: bbf21a4ffe

Change-Id: I744421bb3872552287578791af1f7f8ad7949e5f
This commit is contained in:
Nick Kralevich 2016-11-15 22:57:33 +00:00 committed by android-build-merger
commit 3e24c640ca
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
public/app.te
View file

@ -239,9 +239,9 @@ allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket }
allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;
# TODO is write really necessary ?
auditallow appdomain ion_device:chr_file { write append };
auditallow { appdomain userdebug_or_eng(`-su') } ion_device:chr_file { write append };
# TODO audit ion ioctl usage by apps
auditallow appdomain ion_device:chr_file ioctl;
auditallow { appdomain userdebug_or_eng(`-su') } ion_device:chr_file ioctl;
allow { appdomain -isolated_app } hal_graphics_allocator:fd use;