tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "exclude su from app auditallow"

Browse source
This commit is contained in:
Treehugger Robot 2016-11-15 22:40:49 +00:00 committed by Gerrit Code Review
commit 747c69f43c
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
public/app.te
View file

@ -239,9 +239,9 @@ allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket }
allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;
# TODO is write really necessary ?
auditallow appdomain ion_device:chr_file { write append };
auditallow { appdomain userdebug_or_eng(`-su') } ion_device:chr_file { write append };
# TODO audit ion ioctl usage by apps
auditallow appdomain ion_device:chr_file ioctl;
auditallow { appdomain userdebug_or_eng(`-su') } ion_device:chr_file ioctl;
allow { appdomain -isolated_app } hal_graphics_allocator:fd use;