Revert "Allow MediaProvider to host FUSE devices."
This reverts commit b56cc6fb1f
.
Reason for revert: Not necessary
Change-Id: I99d7df2435294e78b753149e20377e78c1c60d36
This commit is contained in:
parent
b56cc6fb1f
commit
74a6730767
@ -137,8 +137,8 @@ neverallow { all_untrusted_apps -mediaprovider } {
|
||||
')
|
||||
}:dir_file_class_set { create unlink };
|
||||
|
||||
# No untrusted component except mediaprovider should be touching /dev/fuse
|
||||
neverallow { all_untrusted_apps -mediaprovider } fuse_device:chr_file *;
|
||||
# No untrusted component should be touching /dev/fuse
|
||||
neverallow all_untrusted_apps fuse_device:chr_file *;
|
||||
|
||||
# Do not allow untrusted apps to directly open the tun_device
|
||||
neverallow all_untrusted_apps tun_device:chr_file open;
|
||||
|
@ -34,9 +34,6 @@ allow mediaprovider ringtone_file:file { getattr read write };
|
||||
# MtpServer uses /dev/mtp_usb
|
||||
allow mediaprovider mtp_device:chr_file rw_file_perms;
|
||||
|
||||
# Fuse daemon
|
||||
allow mediaprovider fuse_device:chr_file { read write ioctl getattr };
|
||||
|
||||
# MtpServer uses /dev/usb-ffs/mtp
|
||||
allow mediaprovider functionfs:dir search;
|
||||
allow mediaprovider functionfs:file rw_file_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user