0130154985
Some file types used as domain entrypoints were missing the exec_type attribute. Add it and add a neverallow rule to keep it that way. Change-Id: I7563f3e03940a27ae40ed4d6bb74181c26148849 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
8 lines
199 B
Text
8 lines
199 B
Text
# Domain for shell processes spawned by ADB
|
|
type shell, domain;
|
|
type shell_exec, exec_type, file_type;
|
|
unconfined_domain(shell)
|
|
|
|
# Run app_process.
|
|
# XXX Split into its own domain?
|
|
app_domain(shell)
|