Prohibit execute to fs_type other than rootfs for most domains. (4644ac48) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit 4644ac48 authored 10 years ago by Stephen Smalley

Prohibit execute to fs_type other than rootfs for most domains.


Augment the already existing neverallow on loading executable content
from file types other than /system with one on loading executable content
from filesystem types other than the rootfs.  Include exceptions for
appdomain and recovery as required by current policy.

Change-Id: I73d70ab04719a67f71e48ac795025f2ccd5da385
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

parent 958ef563

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 6 additions and 1 deletion

Please register or to comment