Merge "Merge rvc-qpr-dev-plus-aosp-without-vendor@6881855" into stage-aosp-master
This commit is contained in:
commit
77ec098a0a
2 changed files with 2 additions and 2 deletions
|
@ -54,7 +54,7 @@ mlsconstrain dir_file_class_set { create relabelfrom relabelto }
|
|||
# Only constrain open, not read/write.
|
||||
# Also constrain other forms of manipulation, e.g. chmod/chown, unlink, rename, etc.
|
||||
# Subject must dominate object unless the subject is trusted.
|
||||
mlsconstrain dir { open search setattr rename add_name remove_name reparent rmdir }
|
||||
mlsconstrain dir { open search getattr setattr rename add_name remove_name reparent rmdir }
|
||||
( (t2 != app_data_file and t2 != privapp_data_file ) or l1 dom l2 or t1 == mlstrustedsubject);
|
||||
mlsconstrain { file sock_file } { open setattr unlink link rename }
|
||||
( (t2 != app_data_file and t2 != privapp_data_file and t2 != appdomain_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
|
||||
|
|
|
@ -54,7 +54,7 @@ mlsconstrain dir_file_class_set { create relabelfrom relabelto }
|
|||
# Only constrain open, not read/write, so already open fds can be used.
|
||||
# Also constrain other forms of manipulation, e.g. chmod/chown, unlink, rename, etc.
|
||||
# Subject must dominate object unless the subject is trusted.
|
||||
mlsconstrain dir { open search setattr rename add_name remove_name reparent rmdir }
|
||||
mlsconstrain dir { open search getattr setattr rename add_name remove_name reparent rmdir }
|
||||
(t2 != app_data_file_type or l1 dom l2 or t1 == mlstrustedsubject);
|
||||
mlsconstrain { file sock_file } { open setattr unlink link rename }
|
||||
( (t2 != app_data_file_type and t2 != appdomain_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
|
||||
|
|
Loading…
Reference in a new issue