Neverallow access to the kmem device from userspace.

Change-Id: If26baa947ff462f5bb09b75918a4130097de5ef4
author: Geremy Condra <gcondra@google.com> 2013-10-31 11:17:23 -0700
committer: Nick Kralevich <nnk@google.com> 2013-11-07 16:17:32 -0800
commit: ddf98fa8cf11000f91329945abc23ee791adfe69 (patch)
tree: ecd42d0e6822c2701d0bc364be3ca479860a875b /app.te
parent: 0ea4ac8a12efa2f847625917f35b5cbedec3853a (diff)
download: android_external_sepolicy-ddf98fa8cf11000f91329945abc23ee791adfe69.tar.gz
android_external_sepolicy-ddf98fa8cf11000f91329945abc23ee791adfe69.tar.bz2
android_external_sepolicy-ddf98fa8cf11000f91329945abc23ee791adfe69.zip
1 files changed, 0 insertions, 3 deletions
diff --git a/app.te b/app.te
index 8e220ff..6e95ffb 100644
--- a/app.te
+++ b/app.te
@@ -137,9 +137,6 @@ neverallow { appdomain -unconfineddomain } self:capability2 *;
 # Block device access.
 neverallow { appdomain -unconfineddomain } dev_type:blk_file { read write };
 
-# Kernel memory access.
-neverallow { appdomain -unconfineddomain } kmem_device:chr_file { read write };
-
 # Access to any character device that is not specifically typed.
 neverallow { appdomain -unconfineddomain } device:chr_file { read write };
author	Geremy Condra <gcondra@google.com>	2013-10-31 11:17:23 -0700
committer	Nick Kralevich <nnk@google.com>	2013-11-07 16:17:32 -0800
commit	ddf98fa8cf11000f91329945abc23ee791adfe69 (patch)
tree	ecd42d0e6822c2701d0bc364be3ca479860a875b /app.te
parent	0ea4ac8a12efa2f847625917f35b5cbedec3853a (diff)
download	android_external_sepolicy-ddf98fa8cf11000f91329945abc23ee791adfe69.tar.gz android_external_sepolicy-ddf98fa8cf11000f91329945abc23ee791adfe69.tar.bz2 android_external_sepolicy-ddf98fa8cf11000f91329945abc23ee791adfe69.zip