Assert untrusted apps can't add or list hwservicemanager (5c5b6263) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit 5c5b6263 authored 7 years ago by Alex Klyubin

Assert untrusted apps can't add or list hwservicemanager

This adds a neverallow rules which checks that SELinux app domains
which host arbitrary code are not allowed to access hwservicemanager
operations other than "find" operation for which there already are
strict neverallow rules in the policy.

Test: mmm system/sepolicy -- neverallow-only change
Bug: 34454312
Change-Id: I3b80c6ae2c254495704e0409e0c5c88f6ce3a6a7

parent 2a7f4fb0

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 4 additions and 0 deletions

Please register or to comment