tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Don't allow ptrace on keystore"

Browse source
This commit is contained in:
Nick Kralevich 2014-05-20 15:59:48 +00:00 committed by Gerrit Code Review
commit dcfcdbdf49
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
debuggerd.te
View file

@ -9,7 +9,7 @@ allow debuggerd self:capability2 { syslog };
allow debuggerd domain:dir r_dir_perms;
allow debuggerd domain:file r_file_perms;
allow debuggerd domain:lnk_file read;
allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd }:process ptrace;
allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process ptrace;
security_access_policy(debuggerd)
allow debuggerd system_data_file:dir create_dir_perms;
allow debuggerd system_data_file:dir relabelfrom;

4
keystore.te
View file

@ -15,7 +15,7 @@ allow keystore tee:unix_stream_socket connectto;
###
### Neverallow rules
###
### Protect our files from others
### Protect ourself from others
###
neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto };
@ -23,3 +23,5 @@ neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relab
neverallow { domain -keystore -init -kernel -recovery } keystore_data_file:dir *;
neverallow { domain -keystore -init -kernel -recovery } keystore_data_file:notdevfile_class_set *;
neverallow domain keystore:process ptrace;