am cf141426
: Merge "Strengthen setenforce and setbool assertions"
* commit 'cf141426d45067f4a9709d3cf79eef3609d63ab1': Strengthen setenforce and setbool assertions
This commit is contained in:
commit
f0221d47f5
1 changed files with 1 additions and 1 deletions
|
@ -16,7 +16,7 @@ neverallow appdomain kmem_device:chr_file { read write };
|
|||
|
||||
# Setting SELinux enforcing status or booleans.
|
||||
# Conditionally allowed to system_app for SEAndroidManager.
|
||||
neverallow { appdomain -system_app } kernel:security { setenforce setbool };
|
||||
neverallow { domain -unconfineddomain -system -system_app } kernel:security { setenforce setbool };
|
||||
|
||||
# Load security policy.
|
||||
neverallow appdomain kernel:security load_policy;
|
||||
|
|
Loading…
Reference in a new issue