diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-03-18 14:01:27 -0400 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-03-18 14:01:27 -0400 |
| commit | 9e012cde7bbb6aa66e6e8f1254a43567a328205b (patch) | |
| tree | 06273849b162b21cb967adf9531bea4e65808bd8 /rild.te | |
| parent | 2257ca7a3ccc1898ac670c54f9cd4168e91d9fca (diff) | |
| download | android_external_sepolicy-9e012cde7bbb6aa66e6e8f1254a43567a328205b.tar.gz android_external_sepolicy-9e012cde7bbb6aa66e6e8f1254a43567a328205b.tar.bz2 android_external_sepolicy-9e012cde7bbb6aa66e6e8f1254a43567a328205b.zip | |
Remove write access to system_data_file from rild.
Anything writable by rild should be in radio_data_file or efs_file.
System data should be read-only.
Change-Id: I442a253c22f567a147d0591d623e97a6ee8b76e3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'rild.te')
| -rw-r--r-- | rild.te | 6 |
1 files changed, 2 insertions, 4 deletions
@@ -21,10 +21,8 @@ allow rild bluetooth_efs_file:dir r_dir_perms; allow rild radio_data_file:dir rw_dir_perms; allow rild radio_data_file:file create_file_perms; allow rild sdcard_type:dir r_dir_perms; -allow rild system_data_file:dir create_dir_perms; -allow rild system_data_file:file create_file_perms; -auditallow rild system_data_file:dir { create reparent rmdir setattr write add_name remove_name }; -auditallow rild system_data_file:file { create setattr write append link unlink rename }; +allow rild system_data_file:dir r_dir_perms; +allow rild system_data_file:file r_file_perms; allow rild system_file:file x_file_perms; dontaudit rild self:capability sys_admin; |