Restrict write access to etm sysfs interface. am: 927d7a752b
am: f288523c0c
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1945414 Change-Id: I7ca14acf15cf5eee452bf9d299099238db218c42
commit
f8a7b98ff6
1 changed files with 3 additions and 0 deletions
|
@ -569,6 +569,9 @@ enforce_debugfs_restriction(`
|
|||
}:file no_rw_file_perms;
|
||||
')
|
||||
|
||||
# Restrict write access to etm sysfs interface.
|
||||
neverallow { domain -ueventd -vendor_init } sysfs_devices_cs_etm:file no_w_file_perms;
|
||||
|
||||
# Restrict write access to shell owned files. The /data/local/tmp directory is
|
||||
# untrustworthy, and non-allowed domains should not be trusting any content in
|
||||
# those directories. We allow shell files to be passed around by file
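Review bot: The comment on the new `neverallow` says what is restricted but not why, or why `ueventd` and `vendor_init` are the only domains exempted. ETM sysfs nodes configure CPU instruction tracing, so a reader auditing the exemption list needs the rationale. If boot-time device setup is the intent, something like `# ETM sysfs nodes configure CPU instruction tracing; only boot-time setup (ueventd, vendor_init) may write them.` would record it. The rule also names only class `file`, so any `dir` or `lnk_file` objects labelled `sysfs_devices_cs_etm` are not covered by this assertion; if that is deliberate, a short note would help. The rule sits after the `')` that closes `enforce_debugfs_restriction`, whose body starts outside the hunk, so it appears to apply unconditionally, which looks intended.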
|
||||
|
|