tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Fix too-broad allows granted to domain"

Browse source
This commit is contained in:
Treehugger Robot 2022-10-13 05:37:13 +00:00 committed by Gerrit Code Review
commit c3b7489ee5
2 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
microdroid/system/private/domain.te
View file

@ -217,9 +217,6 @@ allowxperm domain dev_type:blk_file ioctl { BLKGETSIZE64 BLKSSZGET };
allow domain apex_mnt_dir:dir { getattr search }; allow domain apex_mnt_dir:dir { getattr search };
allow domain apex_mnt_dir:lnk_file r_file_perms; allow domain apex_mnt_dir:lnk_file r_file_perms;
allow domain self:global_capability_class_set audit_control;
allow domain self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
# globally readable properties # globally readable properties
get_prop(domain, arm64_memtag_prop) get_prop(domain, arm64_memtag_prop)
get_prop(domain, bootloader_prop) get_prop(domain, bootloader_prop)

2
microdroid/system/private/init.te
View file

@ -435,3 +435,5 @@ use_bootstrap_libs(init)
allow init fuse:dir { search getattr }; allow init fuse:dir { search getattr };
set_prop(init, property_type) set_prop(init, property_type)
allow init self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_relay };