Merge "Remove media crash neverallow exception." am: 34f4ca820f
am: a5003227d3
am: a7b911daf6
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2027103 Change-Id: I1635dcb6ffd32050fa9f18f3f0163f4dda2d86b2
This commit is contained in:
commit
c97d76e491
1 changed files with 1 additions and 13 deletions
|
@ -1029,19 +1029,7 @@ neverallow { domain -system_server -webview_zygote -app_zygote } webview_zygote:
|
|||
neverallow { domain -system_server } webview_zygote:sock_file write;
|
||||
neverallow { domain -system_server } app_zygote:sock_file write;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-tombstoned
|
||||
-crash_dump
|
||||
-dumpstate
|
||||
-incidentd
|
||||
-system_server
|
||||
|
||||
# Processes that can't exec crash_dump
|
||||
-hal_codec2_server
|
||||
-hal_omx_server
|
||||
-mediaextractor
|
||||
} tombstoned_crash_socket:unix_stream_socket connectto;
|
||||
neverallow domain tombstoned_crash_socket:unix_stream_socket connectto;
|
||||
|
||||
# Never allow anyone except dumpstate, incidentd, or the system server to connect or write to
|
||||
# the tombstoned intercept socket.
|
||||
|
|
Loading…
Reference in a new issue