PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
828433c892
android_system_sepolicy/private/domain.te
ynwang e68d2d2c72 Storaged permissions for task I/O 
Allow storaged to read /proc/[pid]/io
Grant binder access to storaged
Add storaged service
Grant storaged_exec access to dumpstate
Grant storaged binder_call to dumpstate

Bug: 32221677

Change-Id: Iecc9dba266c5566817a99ac6251eb943a0bac630
2017-01-07 01:12:51 +00:00

12 lines
269 B
Plaintext
Raw Blame History

# Limit ability to ptrace or read sensitive /proc/pid files of processes
# with other UIDs to these whitelisted domains.
neverallow {
domain
-debuggerd
-vold
-dumpstate
-storaged
-system_server
userdebug_or_eng(`-perfprofd')
} self:capability sys_ptrace;
Reference in New Issue View Git Blame Copy Permalink