Merge "compos_verify_key no longer creates a vsock" am: e494c51bc9
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1827214 Change-Id: Ie1f78f588961fe6efc553e38effe34174bf3fac0
This commit is contained in:
commit
4cb59e4221
1 changed files with 0 additions and 3 deletions
|
@ -15,9 +15,6 @@ allow compos_verify_key apex_compos_data_file:file create_file_perms;
|
||||||
allow compos_verify_key odsign:fd use;
|
allow compos_verify_key odsign:fd use;
|
||||||
allow compos_verify_key odsign_devpts:chr_file { read write };
|
allow compos_verify_key odsign_devpts:chr_file { read write };
|
||||||
|
|
||||||
# TODO: Remove this!
|
|
||||||
allow compos_verify_key self:vsock_socket create_socket_perms_no_ioctl;
|
|
||||||
|
|
||||||
# Only odsign can enter the domain via exec
|
# Only odsign can enter the domain via exec
|
||||||
neverallow { domain -odsign } compos_verify_key:process transition;
|
neverallow { domain -odsign } compos_verify_key:process transition;
|
||||||
neverallow * compos_verify_key:process dyntransition;
|
neverallow * compos_verify_key:process dyntransition;
|
||||||
|
|
Loading…
Reference in a new issue