diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2013-10-23 13:25:53 -0400 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2013-12-18 09:37:52 -0500 |
commit | 712ca0a4d5c3ff77179da2544aafd6eb8e5a70c2 (patch) | |
tree | 5ee8c7697924b1d8d832ea0cec05464eaf9f5303 /attributes | |
parent | 09e6abd91b3aaaa11a44d032e095360c64a97b3a (diff) | |
download | android_external_sepolicy-712ca0a4d5c3ff77179da2544aafd6eb8e5a70c2.tar.gz android_external_sepolicy-712ca0a4d5c3ff77179da2544aafd6eb8e5a70c2.tar.bz2 android_external_sepolicy-712ca0a4d5c3ff77179da2544aafd6eb8e5a70c2.zip |
Confine shell domain in -user builds only.
Confine the domain for an adb shell in -user builds only.
The shell domain in non-user builds is left permissive.
init_shell (shell spawned by init, e.g. console service)
remains unconfined by this change.
Introduce a shelldomain attribute for rules common to all shell
domains, assign it to the shell types, and add shelldomain.te for
its rules.
Change-Id: I01ee2c7ef80b61a9db151abe182ef9af7623c461
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'attributes')
-rw-r--r-- | attributes | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -50,6 +50,9 @@ attribute mlstrustedobject; # Domains that are allowed all permissions ("unconfined"). attribute unconfineddomain; +# All domains used for shells. +attribute shelldomain; + # All domains used for apps. attribute appdomain; |