authordcashman <dcashman@google.com>2015-03-09 10:13:13 -0700
committerdcashman <dcashman@google.com>2015-03-09 11:26:56 -0700
commit8f81dcad5bb322a75bc61c8b42f8287e2afeaddc (patch)
treea05b339ff2978df51184b38c91a245901865149c /system_server.te
parent0560e75e4f03e4637637de8512a4718fe7870df8 (diff)
Only allow system_server to send commands to zygote.
Add neverallow rules to ensure that zygote commands are only taken from system_server. Also remove the zygote policy class which was removed as an object manager in commit: ccb3424639821b5ef85264bc5836451590e8ade7 Bug: 19624279 Change-Id: I1c925d7facf19b3953b5deb85d992415344c4c9f
Diffstat (limited to 'system_server.te')
-rw-r--r--system_server.te3
1 files changed, 0 insertions, 3 deletions
diff --git a/system_server.te b/system_server.te
index 5378766..6b580f5 100644
--- a/system_server.te
+++ b/system_server.te
@@ -296,9 +296,6 @@ allow system_server wpa_socket:sock_file unlink;
type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
allow system_server system_ndebug_socket:sock_file create_file_perms;
-# Specify any arguments to zygote.
-allow system_server self:zygote { specifyids specifyrlimits specifyseinfo };
-
# Manage cache files.
allow system_server cache_file:dir { relabelfrom create_dir_perms };
allow system_server cache_file:file { relabelfrom create_file_perms };