Remove execmod access to system_file and exec_type. (a893edae) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit a893edae authored 10 years ago by Stephen Smalley

Remove execmod access to system_file and exec_type.


execmod is checked on attempts to make executable a file mapping
that has been modified.  Typically this indicates a text relocation
attempt.  As we do not ever allow this for any confined domain to
system_file or exec_type, we should not need it for unconfineddomain
either.

Change-Id: I8fdc858f836ae0d2aa56da2abd7797fba9c258b1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

parent bb75dd73

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 2 additions and 2 deletions

Please register or to comment