Explicitly label system_server's dependencies in /proc (8c2323d3) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit 8c2323d3 authored 7 years ago by Tri Vo

Explicitly label system_server's dependencies in /proc

Labeled:
/proc/asound/cards -> proc_asound_cards
/proc/loadavg -> proc_loadavg
/proc/pagetypeinfo -> proc_pagetypeinfo
/proc/version -> proc_version
/proc/vmallocinfo -> proc_vmallocinfo

system_server: added access to all new types  and removed access to proc label.
init: added access to proc_version.
dumpstate: added access to proc_pagetypeinfo, proc_version,
proc_vmallocinfo.
hal_audio: added access to proc_asound_cards.
all_untrusted_apps: extended neverallow rule to include new labels.

Bug: 65980789
Test: device boots without selinux denials to the newly introduced
labels.
Test: "adb shell dumpstate" throws no violations to new labels.
Change-Id: Ic60facd3d4776e38d5e3ba003d06ada4e52c7dca

parent f7895a5e

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 32 additions and 3 deletions

Please register or to comment