Skip to content
Snippets Groups Projects
Commit 235d4860 authored by Tri Vo's avatar Tri Vo
Browse files

Finalize cgroup permissions. 

Policy w.r.t to apps:
- cgroup access from untrusted apps and priv app is neverallow'ed.
- other apps (e.g. vendor apps) need to explicitly declare appropriate
access rules to cgroups.

Policy w.r.t native domains:
- libcutils exports API to /dev/{cpuset, stune}/*. This API is used
abundantly in native vendor code. So we are not going to limit non-app
access to cgroup.

Bug: 110043362
Bug: 117666318
Test: m selinux_policy, boot device
Change-Id: I83aee21ca3e8941725c70706769ea9dbdc76b9c5
parent b7d36521
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 30 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment