PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e3f0b2ca13
android_system_sepolicy/private/drmserver.te
Alex Klyubin 2f6151ea44 Tighten restrictions on core <-> vendor socket comms 
This futher restricts neverallows for sockets which may be exposed as
filesystem nodes. This is achieved by labelling all such sockets
created by core/non-vendor domains using the new coredomain_socket
attribute, and then adding neverallow rules targeting that attribute.

This has now effect on what domains are permitted to do. This only
changes neverallow rules.

Test: mmm system/sepolicy
Bug: 36577153

(cherry picked from commit cf2ffdf0d8)

Change-Id: Iffeee571a2ff61fb9515fa6849d060649636524e
2017-03-31 09:17:54 -07:00

8 lines
187 B
Plaintext
Raw Blame History

typeattribute drmserver coredomain;
init_daemon_domain(drmserver)
type_transition drmserver apk_data_file:sock_file drmserver_socket;
typeattribute drmserver_socket coredomain_socket;
Reference in New Issue View Git Blame Copy Permalink