Do not allow untrusted apps to read sysfs_net files
(this includes /sys/class/net/*/address device mac addresses) Test: builds Bug: 137816564 Change-Id: I84268b2e0207559ed00baafb8a3f231c676f8df1 Signed-off-by: Maciej Żenczykowski <maze@google.com>
This commit is contained in:
parent
6b2eaade82
commit
804d99ac76
@ -87,6 +87,7 @@ neverallow all_untrusted_apps file_type:file link;
|
||||
|
||||
# Do not allow untrusted apps to access network MAC address file
|
||||
neverallow all_untrusted_apps sysfs_mac_address:file no_rw_file_perms;
|
||||
neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;
|
||||
|
||||
# Do not allow any write access to files in /sys
|
||||
neverallow all_untrusted_apps sysfs_type:file { no_w_file_perms no_x_file_perms };
|
||||
|
Loading…
Reference in New Issue
Block a user