diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2013-12-02 14:18:11 -0500 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2013-12-02 15:59:04 -0500 |
commit | d99e6d5fa135882bb51878a3c68ed3a2aebe7d04 (patch) | |
tree | 1c4cc818450c8a48b30cb267f3aeb7149c7a437d /su.te | |
parent | 51ce2f00c5410574015ba751b6e03fbddf12c176 (diff) | |
download | android_external_sepolicy-d99e6d5fa135882bb51878a3c68ed3a2aebe7d04.tar.gz android_external_sepolicy-d99e6d5fa135882bb51878a3c68ed3a2aebe7d04.tar.bz2 android_external_sepolicy-d99e6d5fa135882bb51878a3c68ed3a2aebe7d04.zip |
Restrict the ability to set SELinux enforcing mode to init.
Also make su and shell permissive in non-user builds to allow
use of setenforce without violating the neverallow rule.
Change-Id: Ie76ee04e90d5a76dfaa5f56e9e3eb7e283328a3f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'su.te')
-rw-r--r-- | su.te | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -4,3 +4,6 @@ domain_auto_trans(shell, su_exec, su) # su is unconfined. unconfined_domain(su) + +# su is also permissive to permit setenforce. +permissive su; |