Skip to content
Snippets Groups Projects
Commit 2fedc4b7 authored by Daniel Cashman's avatar Daniel Cashman Committed by Android (Google) Code Review
Browse files

Merge "Remove appdomain sysfs auditallow." into nyc-dev

parents d7eedeb8 1af60916
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 4 deletions
app.te
+ 0
4
View file @ 2fedc4b7
...@@ -229,10 +229,6 @@ allow appdomain runas_exec:file getattr; ...@@ -229,10 +229,6 @@ allow appdomain runas_exec:file getattr;
selinux_check_access(appdomain) selinux_check_access(appdomain)
selinux_check_context(appdomain) selinux_check_context(appdomain)
# appdomain should not be accessing information on /sys
auditallow { appdomain userdebug_or_eng(`-su') } sysfs:dir { open getattr read ioctl };
auditallow { appdomain userdebug_or_eng(`-su') } sysfs:file r_file_perms;
# Apps receive an open tun fd from the framework for # Apps receive an open tun fd from the framework for
# device traffic. Do not allow untrusted app to directly open tun_device # device traffic. Do not allow untrusted app to directly open tun_device
allow { appdomain -isolated_app } tun_device:chr_file { read write getattr ioctl append }; allow { appdomain -isolated_app } tun_device:chr_file { read write getattr ioctl append };
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment