PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "Allow MediaProvider to host FUSE devices."

Browse Source 
This reverts commit b56cc6fb1f.

Reason for revert: Not necessary

Change-Id: I99d7df2435294e78b753149e20377e78c1c60d36
This commit is contained in:
Zimuzo Ezeozue 2020-01-08 20:54:28 +00:00
parent b56cc6fb1f
commit 74a6730767
2 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
private/app_neverallows.te
View File

@ -137,8 +137,8 @@ neverallow { all_untrusted_apps -mediaprovider } {
')
}:dir_file_class_set { create unlink };
# No untrusted component except mediaprovider should be touching /dev/fuse
neverallow { all_untrusted_apps -mediaprovider } fuse_device:chr_file *;
# No untrusted component should be touching /dev/fuse
neverallow all_untrusted_apps fuse_device:chr_file *;
# Do not allow untrusted apps to directly open the tun_device
neverallow all_untrusted_apps tun_device:chr_file open;

3
private/mediaprovider.te
View File

@ -34,9 +34,6 @@ allow mediaprovider ringtone_file:file { getattr read write };
# MtpServer uses /dev/mtp_usb
allow mediaprovider mtp_device:chr_file rw_file_perms;
# Fuse daemon
allow mediaprovider fuse_device:chr_file { read write ioctl getattr };
# MtpServer uses /dev/usb-ffs/mtp
allow mediaprovider functionfs:dir search;
allow mediaprovider functionfs:file rw_file_perms;