Skip to content
Snippets Groups Projects
Commit 0afa024c authored by Maddie Stone's avatar Maddie Stone
Browse files

Only installd and init may relabel app_data_file. 

Bug: 78517829
Test: build aosp_sailfish-userdebug
Change-Id: I5e1a97b9fb6fa9ff9fd49e1e664769ae70aeda37
parent 922070d8
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 0 deletions
public/domain.te
+ 6
0
View file @ 0afa024c
...@@ -1187,6 +1187,12 @@ neverallow { ...@@ -1187,6 +1187,12 @@ neverallow {
-installd # creation of sandbox -installd # creation of sandbox
} app_data_file:dir_file_class_set { create unlink }; } app_data_file:dir_file_class_set { create unlink };
neverallow {
domain
-init
-installd
} app_data_file:dir_file_class_set { relabelfrom relabelto };
# #
# Only these domains should transition to shell domain. This domain is # Only these domains should transition to shell domain. This domain is
# permissible for the "shell user". If you need a process to exec a shell # permissible for the "shell user". If you need a process to exec a shell
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment