Merge "neverallow write access to /data/dalvik-cache directories."
This commit is contained in:
Nick Kralevich
Gerrit Code Review
commit
e010f08e40
1 changed files with 8 additions and 0 deletions
|
|
@ -354,6 +354,14 @@ neverallow {
|
|||
-dex2oat
|
||||
} dalvikcache_data_file:file no_w_file_perms;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-installd
|
||||
-dex2oat
|
||||
-zygote
|
||||
} dalvikcache_data_file:dir no_w_dir_perms;
|
||||
|
||||
# Only system_server should be able to send commands via the zygote socket
|
||||
neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto;
|
||||
neverallow { domain -system_server } zygote_socket:sock_file write;
|
||||
|
|
|
|||
Loading…
Reference in a new issue