Skip to content
Snippets Groups Projects
Commit c6cb6ac4 authored by Nick Kralevich's avatar Nick Kralevich Committed by Gerrit Code Review
Browse files

Merge "isolated_app: remove app_data_file execute"

parents 206b1a6c 94f9ff87
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 6 deletions
isolated_app.te
+ 0
6
View file @ c6cb6ac4
...@@ -16,12 +16,6 @@ net_domain(isolated_app) ...@@ -16,12 +16,6 @@ net_domain(isolated_app)
# Isolated apps shouldn't be able to access the driver directly. # Isolated apps shouldn't be able to access the driver directly.
neverallow isolated_app gpu_device:file { rw_file_perms execute }; neverallow isolated_app gpu_device:file { rw_file_perms execute };
# read and write access to app_data_file is already
# granted via app.te. Allow execute.
# Needed to allow dlopen() from Chrome renderer processes.
# See b/15902433 for details.
allow isolated_app app_data_file:file execute;
# Audited locally. # Audited locally.
service_manager_local_audit_domain(isolated_app) service_manager_local_audit_domain(isolated_app)
auditallow isolated_app { auditallow isolated_app {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment