Skip to content
Snippets Groups Projects
Commit ac0bfccb authored by Alan Stokes's avatar Alan Stokes Committed by android-build-merger
Browse files

Merge "Re-order rules to match AOSP." into stage-aosp-master am: 95b223b4

am: 14c5117b

Change-Id: Ifd915ad3b6864e037b5ab559d9bf3f0e71fa0fb0
parents 7b377b1f 14c5117b
No related branches found
No related tags found
No related merge requests found
...@@ -126,10 +126,6 @@ unix_socket_connect(untrusted_app_all, traced_producer, traced) ...@@ -126,10 +126,6 @@ unix_socket_connect(untrusted_app_all, traced_producer, traced)
allow untrusted_app_all system_server:udp_socket { allow untrusted_app_all system_server:udp_socket {
connect getattr read recvfrom sendto write getopt setopt }; connect getattr read recvfrom sendto write getopt setopt };
# Allow the allocation and use of ptys
# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
create_pty(untrusted_app_all)
# This is allowed for targetSdkVersion <= 25 but disallowed on newer versions. # This is allowed for targetSdkVersion <= 25 but disallowed on newer versions.
dontaudit untrusted_app_all net_dns_prop:file read; dontaudit untrusted_app_all net_dns_prop:file read;
...@@ -139,6 +135,10 @@ dontaudit untrusted_app_all proc_stat:file read; ...@@ -139,6 +135,10 @@ dontaudit untrusted_app_all proc_stat:file read;
dontaudit untrusted_app_all proc_vmstat:file read; dontaudit untrusted_app_all proc_vmstat:file read;
dontaudit untrusted_app_all proc_uptime:file read; dontaudit untrusted_app_all proc_uptime:file read;
# Allow the allocation and use of ptys
# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
create_pty(untrusted_app_all)
# /proc/net access. # /proc/net access.
# TODO(b/9496886) Audit access for removal. # TODO(b/9496886) Audit access for removal.
# VPN apps require access to /proc/net/{tcp,udp} so access will need to be # VPN apps require access to /proc/net/{tcp,udp} so access will need to be
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment