Skip to content
Snippets Groups Projects
Commit 577b7a5d authored by android-build-prod (mdb)'s avatar android-build-prod (mdb) Committed by Gerrit Code Review
Browse files

Merge "Only installd and init may relabel app_data_file."

parents b87d8c05 0afa024c
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 0 deletions
public/domain.te
+ 6
0
View file @ 577b7a5d
...@@ -1187,6 +1187,12 @@ neverallow { ...@@ -1187,6 +1187,12 @@ neverallow {
-installd # creation of sandbox -installd # creation of sandbox
} app_data_file:dir_file_class_set { create unlink }; } app_data_file:dir_file_class_set { create unlink };
neverallow {
domain
-init
-installd
} app_data_file:dir_file_class_set { relabelfrom relabelto };
# #
# Only these domains should transition to shell domain. This domain is # Only these domains should transition to shell domain. This domain is
# permissible for the "shell user". If you need a process to exec a shell # permissible for the "shell user". If you need a process to exec a shell
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment