Only allow supplemental_process to execute from read-only locations

Test: atest SupplementalProcessTest Bug: 215105355 Ignore-AOSP-First: Cherry picking internally first to rename. Will be cherry-picked to AOSP right after. Change-Id: I1b6d1a778cb658bdfd930b684e4ba0640031b226 Merged-In: I1b6d1a778cb658bdfd930b684e4ba0640031b226 (cherry picked from commit 8ea8587abb)
2022-01-18 11:44:54 +01:00 · 2022-01-18 11:44:54 +01:00 · 718ac20edb
commit 718ac20edb
parent 7360c341f1
1 changed files with 1 additions and 0 deletions
--- a/private/app.te
+++ b/private/app.te
@ -476,6 +476,7 @@ neverallow {
  nfc
  radio
  shared_relro
+  supplemental_process
  system_app
 } {
  data_file_type