Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
S
sepolicy
Manage
Activity
Members
Plan
Wiki
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Deploy
Releases
Package registry
Container registry
Model registry
Operate
Terraform modules
Analyze
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
CodeLinaro
public-release-test
platform
system
sepolicy
Commits
21eed511
Commit
21eed511
authored
6 years ago
by
Treehugger Robot
Committed by
Gerrit Code Review
6 years ago
Browse files
Options
Downloads
Plain Diff
Merge "Block access to xt_qtaguid proc files"
parents
da427a33
16dbe82e
Branches
Branches containing commit
No related tags found
No related merge requests found
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
private/priv_app.te
+0
-15
0 additions, 15 deletions
private/priv_app.te
private/untrusted_app_25.te
+0
-6
0 additions, 6 deletions
private/untrusted_app_25.te
private/untrusted_app_27.te
+0
-6
0 additions, 6 deletions
private/untrusted_app_27.te
public/shell.te
+0
-1
0 additions, 1 deletion
public/shell.te
with
0 additions
and
28 deletions
private/priv_app.te
+
0
−
15
View file @
21eed511
...
...
@@ -92,21 +92,6 @@ r_dir_file(priv_app, proc_net_type)
userdebug_or_eng(`
auditallow priv_app proc_net_type:{ dir file lnk_file } { getattr open read };
')
# TODO(b/68774956) qtaguid access has been moved to netd. Access is deprecated. Audit for
# removal.
allow priv_app proc_qtaguid_ctrl:file rw_file_perms;
userdebug_or_eng(`
auditallow priv_app proc_qtaguid_ctrl:file rw_file_perms;
')
r_dir_file(priv_app, proc_qtaguid_stat)
userdebug_or_eng(`
auditallow priv_app proc_qtaguid_stat:dir r_dir_perms;
auditallow priv_app proc_qtaguid_stat:file r_file_perms;
')
allow priv_app qtaguid_device:chr_file r_file_perms;
userdebug_or_eng(`
auditallow priv_app qtaguid_device:chr_file r_file_perms;
')
allow priv_app sysfs_type:dir search;
# Read access to /sys/class/net/wlan*/address
...
...
This diff is collapsed.
Click to expand it.
private/untrusted_app_25.te
+
0
−
6
View file @
21eed511
...
...
@@ -41,12 +41,6 @@ allow untrusted_app_25 proc_misc:file r_file_perms;
# This will go away in a future Android release
allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
# qtaguid access. This is not a public API. Access will be removed in a
# future version of Android.
allow untrusted_app_25 proc_qtaguid_ctrl:file rw_file_perms;
r_dir_file(untrusted_app_25, proc_qtaguid_stat)
allow untrusted_app_25 qtaguid_device:chr_file r_file_perms;
# Text relocation support for API < 23
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
This diff is collapsed.
Click to expand it.
private/untrusted_app_27.te
+
0
−
6
View file @
21eed511
...
...
@@ -26,9 +26,3 @@ app_domain(untrusted_app_27)
untrusted_app_domain(untrusted_app_27)
net_domain(untrusted_app_27)
bluetooth_domain(untrusted_app_27)
# qtaguid access. This is not a public API. Access will be removed in a
# future version of Android.
allow untrusted_app_27 proc_qtaguid_ctrl:file rw_file_perms;
r_dir_file(untrusted_app_27, proc_qtaguid_stat)
allow untrusted_app_27 qtaguid_device:chr_file r_file_perms;
This diff is collapsed.
Click to expand it.
public/shell.te
+
0
−
1
View file @
21eed511
...
...
@@ -129,7 +129,6 @@ allow shell {
proc_meminfo
proc_modules
proc_pid_max
proc_qtaguid_stat
proc_slabinfo
proc_stat
proc_timer
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment