Remove odrefresh privileges no longer needed for CompOS
Bug: 210998077 Test: m; TH Change-Id: I4188a52c42ede9fb248b889596b91c965696fb2d
This commit is contained in:
Victor Hsieh
parent
6f6815efde
commit
88d93b984a
1 changed files with 0 additions and 13 deletions
|
|
@ -45,19 +45,6 @@ set_prop(odrefresh, bootanim_system_prop)
|
|||
get_prop(odrefresh, device_config_runtime_native_prop)
|
||||
get_prop(odrefresh, device_config_runtime_native_boot_prop)
|
||||
|
||||
# Use inherited stdin/stdout/stderr from composd which exec()'s
|
||||
# odrefesh.
|
||||
allow odrefresh composd:fd use;
|
||||
|
||||
# Run binaries from the CompOS APEX in the same domain
|
||||
allow odrefresh system_file:file execute_no_trans;
|
||||
|
||||
# Run fd_server in its own domain
|
||||
domain_auto_trans(odrefresh, fd_server_exec, compos_fd_server)
|
||||
|
||||
# And kill it via SIGTERM
|
||||
allow odrefresh compos_fd_server:process signal;
|
||||
|
||||
# Do not audit unused resources from parent processes (adb, shell, su).
|
||||
# These appear to be unnecessary for odrefresh.
|
||||
dontaudit odrefresh { adbd shell }:fd use;
|
||||
|
|
|
|||
Loading…
Reference in a new issue