tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Do not allow apps to access network address file"

Browse source
This commit is contained in:
Jeffrey Vander Stoep 2015-07-29 15:42:44 +00:00 committed by Gerrit Code Review
commit 6f7de297b3
3 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
file.te
View file

@ -21,6 +21,7 @@ type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wake_lock, fs_type, sysfs_type;
type sysfs_mac_address, fs_type, sysfs_type;
# /sys/devices/system/cpu
type sysfs_devices_system_cpu, fs_type, sysfs_type;
# /sys/module/lowmemorykiller

1
system_server.te
View file

@ -146,6 +146,7 @@ selinux_check_access(system_server)
allow system_server sysfs:file rw_file_perms;
allow system_server sysfs_nfc_power_writable:file rw_file_perms;
allow system_server sysfs_devices_system_cpu:file w_file_perms;
allow system_server sysfs_mac_address:file r_file_perms;
# Access devices.
allow system_server device:dir r_dir_perms;

3
untrusted_app.te
View file

@ -142,3 +142,6 @@ neverallow untrusted_app mlstrustedsubject:process fork;
# bugs, so we want to ensure untrusted_app never has this
# capability.
neverallow untrusted_app file_type:file link;
# Do not allow untrusted_app to access network MAC address file
neverallow untrusted_app sysfs_mac_address:file no_rw_file_perms;