tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Only installd and init may relabel app_data_file."

Browse source
This commit is contained in:
android-build-prod (mdb) 2018-05-01 23:35:16 +00:00 committed by Gerrit Code Review
commit 577b7a5d7b
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
public/domain.te
View file

@ -1187,6 +1187,12 @@ neverallow {
-installd # creation of sandbox -installd # creation of sandbox
} app_data_file:dir_file_class_set { create unlink }; } app_data_file:dir_file_class_set { create unlink };
neverallow {
domain
-init
-installd
} app_data_file:dir_file_class_set { relabelfrom relabelto };
# #
# Only these domains should transition to shell domain. This domain is # Only these domains should transition to shell domain. This domain is
# permissible for the "shell user". If you need a process to exec a shell # permissible for the "shell user". If you need a process to exec a shell