Commit c62bdd0e authored by Treehugger Robot, committed by Gerrit Code Review

Merge "Remove untrusted app access to /proc/net"

parents f505d744 d78e07cb
...@@ -135,18 +135,6 @@ dontaudit untrusted_app_all proc_uptime:file read; ...@@ -135,18 +135,6 @@ dontaudit untrusted_app_all proc_uptime:file read;
# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
create_pty(untrusted_app_all) create_pty(untrusted_app_all)
# /proc/net access.
# TODO(b/9496886) Audit access for removal.
# VPN apps require access to /proc/net/{tcp,udp} so access will need to be
# limited through a mechanism other than SELinux.
r_dir_file(untrusted_app_all, proc_net_type)
userdebug_or_eng(`
auditallow untrusted_app_all {
proc_net_type
-proc_net_vpn
}:{ dir file lnk_file } { getattr open read };
')
# Attempts to write to system_data_file is generally a sign # Attempts to write to system_data_file is generally a sign
# that apps are attempting to access encrypted storage before # that apps are attempting to access encrypted storage before
# the ACTION_USER_UNLOCKED intent is delivered. Suppress this # the ACTION_USER_UNLOCKED intent is delivered. Suppress this
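Review bot: the deleted comment under "# /proc/net access." says VPN apps require access to /proc/net/{tcp,udp}, and the deleted auditallow excluded proc_net_vpn from auditing, but removing r_dir_file(untrusted_app_all, proc_net_type) drops the proc_net_vpn read path for every domain in untrusted_app_all along with the rest, and nothing in the visible lines says where that access now lives. Please state in the commit message or in a replacement comment which domains, if any, keep proc_net_vpn access and what the "mechanism other than SELinux" from the old comment turned out to be. The commit message should also reference b/9496886, since this change resolves that TODO. If no untrusted app domain is meant to retain the access, a neverallow for untrusted_app_all on proc_net_type next to this spot would keep the rule from being reintroduced.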
......