untrusted_app: confine filesystem creation to sandbox (db664c9e) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit db664c9e authored 9 years ago by William Roberts Committed by Nick Kralevich 9 years ago

untrusted_app: confine filesystem creation to sandbox


untrusted_apps could be allowed to create/unlink files in world
accessible /data locations. These applications could create
files in a way that would need cap dac_override to remove from
the system when they are uninstalled and/or leave orphaned
data behind.

Keep untrusted_app file creation to sandbox, sdcard and media
locations.

Signed-off-by: William Roberts <william.c.roberts@intel.com>

(cherry picked from commit bd0768cc)

Change-Id: Ideb275f696606882d8a5d8fdedb48545a34de887

parent 66855fca

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 18 additions and 0 deletions

Please register or to comment