diff options
author | Geremy Condra <gcondra@google.com> | 2013-10-31 11:17:23 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2013-11-07 16:17:32 -0800 |
commit | ddf98fa8cf11000f91329945abc23ee791adfe69 (patch) | |
tree | ecd42d0e6822c2701d0bc364be3ca479860a875b /app.te | |
parent | 0ea4ac8a12efa2f847625917f35b5cbedec3853a (diff) | |
download | android_external_sepolicy-ddf98fa8cf11000f91329945abc23ee791adfe69.tar.gz android_external_sepolicy-ddf98fa8cf11000f91329945abc23ee791adfe69.tar.bz2 android_external_sepolicy-ddf98fa8cf11000f91329945abc23ee791adfe69.zip |
Neverallow access to the kmem device from userspace.
Change-Id: If26baa947ff462f5bb09b75918a4130097de5ef4
Diffstat (limited to 'app.te')
-rw-r--r-- | app.te | 3 |
1 files changed, 0 insertions, 3 deletions
@@ -137,9 +137,6 @@ neverallow { appdomain -unconfineddomain } self:capability2 *; # Block device access. neverallow { appdomain -unconfineddomain } dev_type:blk_file { read write }; -# Kernel memory access. -neverallow { appdomain -unconfineddomain } kmem_device:chr_file { read write }; - # Access to any character device that is not specifically typed. neverallow { appdomain -unconfineddomain } device:chr_file { read write }; |