Merge "Prevent sandbox executing from sdk_sandbox_data_file" into tm-dev

2022-05-04 08:01:03 +00:00 · 2022-05-04 08:01:03 +00:00 · c5ae3ca682
commit c5ae3ca682
parent 89b92167e2 fa56130d4b
1 changed files with 1 additions and 1 deletions
--- a/private/sdk_sandbox.te
+++ b/private/sdk_sandbox.te
@ -110,7 +110,7 @@ allow sdk_sandbox sdk_sandbox_data_file:file create_file_perms;
 ### neverallow rules
 ###

-neverallow sdk_sandbox { app_data_file privapp_data_file }:file { execute execute_no_trans };
+neverallow sdk_sandbox { app_data_file privapp_data_file sdk_sandbox_data_file }:file { execute execute_no_trans };

 # Receive or send uevent messages.
 neverallow sdk_sandbox domain:netlink_kobject_uevent_socket *;