tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "exclude su from app auditallow" am: 747c69f43c am: bbf21a4ffe

Browse source 
am: 3e24c640ca

Change-Id: I71252738b4bc2dfee727c900e651ee7724dbc833
This commit is contained in:
Nick Kralevich 2016-11-15 23:05:35 +00:00 committed by android-build-merger
commit 78860bcde4
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
public/app.te
View file

@ -239,9 +239,9 @@ allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket }
allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;
# TODO is write really necessary ?
auditallow appdomain ion_device:chr_file { write append };
auditallow { appdomain userdebug_or_eng(`-su') } ion_device:chr_file { write append };
# TODO audit ion ioctl usage by apps
auditallow appdomain ion_device:chr_file ioctl;
auditallow { appdomain userdebug_or_eng(`-su') } ion_device:chr_file ioctl;
allow { appdomain -isolated_app } hal_graphics_allocator:fd use;