Merge "domain: relax execmod restrictions"
This commit is contained in:
Nick Kralevich
Gerrit Code Review
commit
b62b2020b3
1 changed files with 4 additions and 1 deletions
|
|
@ -390,10 +390,13 @@ neverallow { domain userdebug_or_eng(`-dumpstate -shell -su') } su_exec:file no_
|
|||
# which, long term, need to go away.
|
||||
neverallow domain {
|
||||
file_type
|
||||
-system_file # needs to die. b/20013628
|
||||
-system_data_file
|
||||
-apk_data_file
|
||||
-app_data_file
|
||||
-asec_public_file
|
||||
}:file execmod;
|
||||
|
||||
neverallow { domain -appdomain } file_type:file execmod;
|
||||
# TODO: prohibit non-zygote spawned processes from using shared libraries
|
||||
# with text relocations. b/20013628 .
|
||||
# neverallow { domain -appdomain } file_type:file execmod;
|
||||
|
|
|
|||
Loading…
Reference in a new issue