Prohibit execute to fs_type other than rootfs for most domains. (9d2703a5) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit 9d2703a5 authored 10 years ago by Stephen Smalley Committed by Nick Kralevich 10 years ago

Prohibit execute to fs_type other than rootfs for most domains.


Augment the already existing neverallow on loading executable content
from file types other than /system with one on loading executable content
from filesystem types other than the rootfs.  Include exceptions for
appdomain and recovery as required by current policy.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

(cherry picked from commit 4644ac48)

Change-Id: I5e2609a128d1bf982a7a5c3fa3140d1e9346c621

parent 3cfc7ea8

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 6 additions and 1 deletion

Please register or to comment