Merge "Remove untrusted app access to /proc/net"
This commit is contained in:
Treehugger Robot
Gerrit Code Review
commit
c62bdd0ec1
1 changed files with 0 additions and 12 deletions
|
|
@ -135,18 +135,6 @@ dontaudit untrusted_app_all proc_uptime:file read;
|
|||
# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
|
||||
create_pty(untrusted_app_all)
|
||||
|
||||
# /proc/net access.
|
||||
# TODO(b/9496886) Audit access for removal.
|
||||
# VPN apps require access to /proc/net/{tcp,udp} so access will need to be
|
||||
# limited through a mechanism other than SELinux.
|
||||
r_dir_file(untrusted_app_all, proc_net_type)
|
||||
userdebug_or_eng(`
|
||||
auditallow untrusted_app_all {
|
||||
proc_net_type
|
||||
-proc_net_vpn
|
||||
}:{ dir file lnk_file } { getattr open read };
|
||||
')
|
||||
|
||||
# Attempts to write to system_data_file is generally a sign
|
||||
# that apps are attempting to access encrypted storage before
|
||||
# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
|
||||
|
|
|
|||
Loading…
Reference in a new issue