diff options
| author | dcashman <dcashman@google.com> | 2015-03-10 18:15:57 +0000 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2015-03-10 18:15:57 +0000 |
| commit | 7b2d879b33e7a660fb59e36c94f71dd430216239 (patch) | |
| tree | e3f34af57b48962e43cfa0a92ed9475bb88cc20f /domain.te | |
| parent | c2b3ff7f7f740fbb8fccf167960dadbb0c2266fa (diff) | |
| parent | 1193bdf4ae1498581b4d5c3e964db963e79622dc (diff) | |
| download | android_external_sepolicy-7b2d879b33e7a660fb59e36c94f71dd430216239.tar.gz android_external_sepolicy-7b2d879b33e7a660fb59e36c94f71dd430216239.tar.bz2 android_external_sepolicy-7b2d879b33e7a660fb59e36c94f71dd430216239.zip | |
am 1193bdf4: am 6843a793: am 8f81dcad: Only allow system_server to send commands to zygote.
* commit '1193bdf4ae1498581b4d5c3e964db963e79622dc':
Only allow system_server to send commands to zygote.
Diffstat (limited to 'domain.te')
| -rw-r--r-- | domain.te | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -344,6 +344,10 @@ neverallow { -dex2oat } dalvikcache_data_file:file no_w_file_perms; +# Only system_server should be able to send commands via the zygote socket +neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto; +neverallow { domain -system_server } zygote_socket:sock_file write; + # Android does not support System V IPCs. # # The reason for this is due to the fact that, by design, they lead to global |