e68d2d2c72
Allow storaged to read /proc/[pid]/io Grant binder access to storaged Add storaged service Grant storaged_exec access to dumpstate Grant storaged binder_call to dumpstate Bug: 32221677 Change-Id: Iecc9dba266c5566817a99ac6251eb943a0bac630
12 lines
269 B
Plaintext
12 lines
269 B
Plaintext
# Limit ability to ptrace or read sensitive /proc/pid files of processes
|
|
# with other UIDs to these whitelisted domains.
|
|
neverallow {
|
|
domain
|
|
-debuggerd
|
|
-vold
|
|
-dumpstate
|
|
-storaged
|
|
-system_server
|
|
userdebug_or_eng(`-perfprofd')
|
|
} self:capability sys_ptrace;
|