PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am c6cb6ac4: Merge "isolated_app: remove app_data_file execute"

Browse Source 
* commit 'c6cb6ac451b0faf6e9344282a909e910f819a296':
  isolated_app: remove app_data_file execute
This commit is contained in:
Nick Kralevich 2014-10-02 16:08:33 +00:00 committed by Android Git Automerger
commit 11488fa322
1 changed files with 0 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
isolated_app.te
View File

@ -16,12 +16,6 @@ net_domain(isolated_app)
# Isolated apps shouldn't be able to access the driver directly. # Isolated apps shouldn't be able to access the driver directly.
neverallow isolated_app gpu_device:file { rw_file_perms execute }; neverallow isolated_app gpu_device:file { rw_file_perms execute };
# read and write access to app_data_file is already
# granted via app.te. Allow execute.
# Needed to allow dlopen() from Chrome renderer processes.
# See b/15902433 for details.
allow isolated_app app_data_file:file execute;
# Audited locally. # Audited locally.
service_manager_local_audit_domain(isolated_app) service_manager_local_audit_domain(isolated_app)
auditallow isolated_app { auditallow isolated_app {