Revert "Revert "Ensure only com.android.shell can run in the shell domain.""
This reverts commit bf0c2a59f8
.
Bug:68126425
Test: No apps affected by not being able to run in shell domain
Change-Id: I8b93eecd023fbb392a98253d721dad75f79b61f4
Merged-In: I8b93eecd023fbb392a98253d721dad75f79b61f4
This commit is contained in:
parent
50fa7be796
commit
1a703fedc7
@ -91,6 +91,10 @@ neverallow user=((?!_isolated).)* domain=isolated_app
|
||||
# uid's can be in shell domain
|
||||
neverallow user=shell domain=((?!shell).)*
|
||||
|
||||
# only the package named com.android.shell can run in the shell domain
|
||||
neverallow domain=shell name=((?!com\.android\.shell).)*
|
||||
neverallow user=shell name=((?!com\.android\.shell).)*
|
||||
|
||||
# Ephemeral Apps must run in the ephemeral_app domain
|
||||
neverallow isEphemeralApp=true domain=((?!ephemeral_app).)*
|
||||
|
||||
@ -102,7 +106,7 @@ user=nfc seinfo=platform domain=nfc type=nfc_data_file
|
||||
user=secure_element seinfo=platform domain=secure_element levelFrom=all
|
||||
user=radio seinfo=platform domain=radio type=radio_data_file
|
||||
user=shared_relro domain=shared_relro
|
||||
user=shell seinfo=platform domain=shell type=shell_data_file
|
||||
user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file
|
||||
user=_isolated domain=isolated_app levelFrom=user
|
||||
user=webview_zygote seinfo=webview_zygote domain=webview_zygote
|
||||
user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
|
||||
|
Loading…
Reference in New Issue
Block a user