PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "Revert "Ensure only com.android.shell can run in the shell domain.""

Browse Source 
This reverts commit bf0c2a59f8.

Bug:68126425
Test: No apps affected by not being able to run in shell domain
Change-Id: I8b93eecd023fbb392a98253d721dad75f79b61f4
Merged-In: I8b93eecd023fbb392a98253d721dad75f79b61f4
This commit is contained in:
Max Bires 2018-01-24 21:17:18 +00:00
parent 50fa7be796
commit 1a703fedc7
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
private/seapp_contexts
View File

@ -91,6 +91,10 @@ neverallow user=((?!_isolated).)* domain=isolated_app
# uid's can be in shell domain
neverallow user=shell domain=((?!shell).)*
# only the package named com.android.shell can run in the shell domain
neverallow domain=shell name=((?!com\.android\.shell).)*
neverallow user=shell name=((?!com\.android\.shell).)*
# Ephemeral Apps must run in the ephemeral_app domain
neverallow isEphemeralApp=true domain=((?!ephemeral_app).)*
@ -102,7 +106,7 @@ user=nfc seinfo=platform domain=nfc type=nfc_data_file
user=secure_element seinfo=platform domain=secure_element levelFrom=all
user=radio seinfo=platform domain=radio type=radio_data_file
user=shared_relro domain=shared_relro
user=shell seinfo=platform domain=shell type=shell_data_file
user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file
user=_isolated domain=isolated_app levelFrom=user
user=webview_zygote seinfo=webview_zygote domain=webview_zygote
user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user