Update text relocation neverallow assertions
am: 89424bf947
* commit '89424bf9470931df90afa4f6d141b3696ad5a632':
Update text relocation neverallow assertions
This commit is contained in:
Nick Kralevich
android-build-merger
commit
984b0030a1
1 changed files with 2 additions and 3 deletions
|
|
@ -417,7 +417,6 @@ neverallow { domain userdebug_or_eng(`-dumpstate -shell -su') } su_exec:file no_
|
|||
# which, long term, need to go away.
|
||||
neverallow domain {
|
||||
file_type
|
||||
-system_file # needs to die. b/20013628
|
||||
-system_data_file
|
||||
-apk_data_file
|
||||
-app_data_file
|
||||
|
|
@ -429,9 +428,9 @@ neverallow domain {
|
|||
# required by some device-specific service domains.
|
||||
neverallow domain self:process { execstack execheap };
|
||||
|
||||
# TODO: prohibit non-zygote spawned processes from using shared libraries
|
||||
# prohibit non-zygote spawned processes from using shared libraries
|
||||
# with text relocations. b/20013628 .
|
||||
# neverallow { domain -appdomain } file_type:file execmod;
|
||||
neverallow { domain -appdomain } file_type:file execmod;
|
||||
|
||||
neverallow { domain -init } proc:{ file dir } mounton;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue