am cf141426: Merge "Strengthen setenforce and setbool assertions"

* commit 'cf141426d45067f4a9709d3cf79eef3609d63ab1':
  Strengthen setenforce and setbool assertions
This commit is contained in:
Geremy Condra 2013-03-21 14:11:16 -07:00 committed by Android Git Automerger
commit f0221d47f5

View file

@ -16,7 +16,7 @@ neverallow appdomain kmem_device:chr_file { read write };
# Setting SELinux enforcing status or booleans.
# Conditionally allowed to system_app for SEAndroidManager.
neverallow { appdomain -system_app } kernel:security { setenforce setbool };
neverallow { domain -unconfineddomain -system -system_app } kernel:security { setenforce setbool };
# Load security policy.
neverallow appdomain kernel:security load_policy;