85acf6ef70
neverallow rules with allowlist should look like:
neverallow { domain -allow1 -allow2 } ...
Bug: 181744894
Test: m selinux_policy
Test: pcregrep -M -r "neverallow\s+{(\s*#.*\s*)*\s+-" .
Change-Id: Ibab72ccc1fbacb99b62fe127b4122e1ac22b938a
14 lines
244 B
Plaintext
14 lines
244 B
Plaintext
typeattribute tombstoned coredomain;
|
|
|
|
init_daemon_domain(tombstoned)
|
|
|
|
get_prop(tombstoned, tombstone_config_prop)
|
|
|
|
neverallow {
|
|
domain
|
|
-init
|
|
-vendor_init
|
|
-dumpstate
|
|
-tombstoned
|
|
} tombstone_config_prop:file no_rw_file_perms;
|