Commit 75425e23 authored by Tri Vo, committed by android-build-merger

Wider neverallow rules for coredomain /dev access.

am: 2725edc6

Change-Id: Id49312c4ad3edf1b2837d041c80cfc9a02e927ae
parents 989ecdbf 2725edc6
...@@ -169,12 +169,12 @@ full_treble_only(` ...@@ -169,12 +169,12 @@ full_treble_only(`
}{ usbfs binfmt_miscfs }:file no_rw_file_perms; }{ usbfs binfmt_miscfs }:file no_rw_file_perms;
') ')
# Following /dev nodes must not be directly accessed by coredomain after Treble, # Following /dev nodes must not be directly accessed by coredomain, but should
# but should instead be wrapped by HALs. # instead be wrapped by HALs.
full_treble_only(` neverallow coredomain {
neverallow coredomain { iio_device
iio_device radio_device
radio_device # TODO(b/120243891): HAL permission to tee_device is included into coredomain
tee_device # on non-Treble devices.
}:chr_file { open read append write ioctl }; full_treble_only(`tee_device')
') }:chr_file { open read append write ioctl };
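Review bot: With the outer full_treble_only( wrapper removed, the neverallow on iio_device and radio_device now applies to non-Treble builds as well, but neither the commit message nor the updated comment says whether existing non-Treble coredomain policy was checked for chr_file access to these two types. Please note that in the commit message, since any allow rule that violates the neverallow will fail policy compilation on those devices. The TODO on tee_device could also name which coredomain rule still needs the access, so the inline full_treble_only(`tee_device') guard has a clear removal condition once b/120243891 is resolved.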