Only allow system_server to send commands to zygote.

Add neverallow rules to ensure that zygote commands are only taken from system_server. Also remove the zygote policy class which was removed as an object manager in commit: ccb3424639821b5ef85264bc5836451590e8ade7 Bug: 19624279 Change-Id: I1c925d7facf19b3953b5deb85d992415344c4c9f
author: dcashman <dcashman@google.com> 2015-03-09 10:13:13 -0700
committer: dcashman <dcashman@google.com> 2015-03-09 11:26:56 -0700
commit: 8f81dcad5bb322a75bc61c8b42f8287e2afeaddc (patch)
tree: a05b339ff2978df51184b38c91a245901865149c /access_vectors
parent: 0560e75e4f03e4637637de8512a4718fe7870df8 (diff)
download: android_external_sepolicy-8f81dcad5bb322a75bc61c8b42f8287e2afeaddc.tar.gz
android_external_sepolicy-8f81dcad5bb322a75bc61c8b42f8287e2afeaddc.tar.bz2
android_external_sepolicy-8f81dcad5bb322a75bc61c8b42f8287e2afeaddc.zip
1 files changed, 0 insertions, 8 deletions
diff --git a/access_vectors b/access_vectors
index 320a1c8..43b81e9 100644
--- a/access_vectors
+++ b/access_vectors
@@ -876,14 +876,6 @@ class binder
 	transfer
 }
 
-class zygote
-{
-	specifyids
-	specifyrlimits
-	specifyinvokewith
-	specifyseinfo
-}
-
 class property_service
 {
 	set
author	dcashman <dcashman@google.com>	2015-03-09 10:13:13 -0700
committer	dcashman <dcashman@google.com>	2015-03-09 11:26:56 -0700
commit	8f81dcad5bb322a75bc61c8b42f8287e2afeaddc (patch)
tree	a05b339ff2978df51184b38c91a245901865149c /access_vectors
parent	0560e75e4f03e4637637de8512a4718fe7870df8 (diff)
download	android_external_sepolicy-8f81dcad5bb322a75bc61c8b42f8287e2afeaddc.tar.gz android_external_sepolicy-8f81dcad5bb322a75bc61c8b42f8287e2afeaddc.tar.bz2 android_external_sepolicy-8f81dcad5bb322a75bc61c8b42f8287e2afeaddc.zip