Commit 84fa314f authored by Nick Kralevich, committed by Android Git Automerger

am f836abef: am 8bd13687: neverallow su_exec:file execute

* commit 'f836abef':
  neverallow su_exec:file execute
parents 323d741f f836abef
...@@ -370,3 +370,8 @@ neverallow domain domain:{ shm sem msg msgq } *; ...@@ -370,3 +370,8 @@ neverallow domain domain:{ shm sem msg msgq } *;
# Do not mount on top of symlinks, fifos, or sockets. # Do not mount on top of symlinks, fifos, or sockets.
# Feature parity with Chromium LSM. # Feature parity with Chromium LSM.
neverallow domain { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file } mounton; neverallow domain { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file } mounton;
# Nobody should be able to execute su on user builds.
# On userdebug/eng builds, only dumpstate, shell, and
# su itself execute su.
neverallow { domain userdebug_or_eng(`-dumpstate -shell -su') } su_exec:file no_x_file_perms;
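Review bot: The comment above the new neverallow is the only documentation of the exemption list, and its last clause, "su itself execute su", is missing a verb such as "may". It also does not say why dumpstate and shell need to execute su on userdebug/eng builds, which a later reader auditing the -dumpstate -shell -su exclusions will want to know. Separately, the commit subject says "execute" while the rule uses no_x_file_perms, whose definition is not part of this hunk; please state in the comment or commit message which permissions that set covers so the rule can be checked against the stated intent without looking up the macro.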