author | Shanshan Guo <Shanshan.Guo@mediatek.com> | 2020-02-05 10:10:34 +0800 |
---|---|---|
committer | Shanshan Guo <Shanshan.Guo@mediatek.com> | 2020-02-05 10:10:34 +0800 |
commit | 5e7187e3b9c3cf57d62ffdf28c4dbb34b268ec19 (patch) | |
tree | 07db0bb84f444a181cf79293dc802e31905a5c72 /non_plat/biosensord_nvram.te | |
parent | cf50b9ff23c93d266d2623ec638f1856baebbd8e (diff) | |
[ALPS04974468] SEPolicy: Add neverallow rule for system_data_file
[Detail]
Do not allow access to the generic system_data_file label. This is too broad.
Instead, if access to part of system_data_file is desired, it should have a
more specific label.
[Solution]
1. Add neverallow rule for system_data_file.
2. Remove the conflicting SEPolicies.
MTK-Commit-Id: c35db1e5a50c311dfcca91618d7221bde6961e1b
Change-Id: Ifc5a87d55b7ca18a53dd6ffe1fbccaf63e03e263
CR-Id: ALPS04974468
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
Diffstat (limited to 'non_plat/biosensord_nvram.te')
-rw-r--r-- | non_plat/biosensord_nvram.te | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/non_plat/biosensord_nvram.te b/non_plat/biosensord_nvram.te index dc1b19f..5fe181c 100644 --- a/non_plat/biosensord_nvram.te +++ b/non_plat/biosensord_nvram.te @@ -30,4 +30,3 @@ allow biosensord_nvram nvdata_file:file {rw_file_perms create_file_perms}; allow biosensord_nvram nvram_data_file:lnk_file rw_file_perms; allow biosensord_nvram biometric_device:chr_file { open ioctl read write }; allow biosensord_nvram self:capability { chown fsetid }; -allow biosensord_nvram system_data_file:lnk_file read; |
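Review bot: the removed `allow biosensord_nvram system_data_file:lnk_file read;` at the end of the hunk is dropped with no replacement, so if biosensord_nvram still resolves a symlink that carries the generic system_data_file label, that lookup will now be denied. The commit message says access to part of system_data_file should go through a more specific label, but this file gains no such label or grant, and the context line `allow biosensord_nvram nvram_data_file:lnk_file rw_file_perms;` only covers links already labelled nvram_data_file. Suggest confirming on a device build that no avc denial for lnk_file read from biosensord_nvram appears, or giving the link a specific type and granting read on that type here. The diffstat is limited to this one file, so the neverallow rule named in the commit message is not visible for review in this view.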