diff options
author | Nick Kralevich <nnk@google.com> | 2015-03-05 14:11:27 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-03-05 14:14:27 -0800 |
commit | 92b10ddb47caa4c80a626e6c70330439feb4aa30 (patch) | |
tree | 6799e360d7ee5953a7b81c08178d96e1381dd617 /system_server.te | |
parent | 723e31efe568bf3372205cb539436fb1ecef4e3f (diff) | |
download | android_external_sepolicy-92b10ddb47caa4c80a626e6c70330439feb4aa30.tar.gz android_external_sepolicy-92b10ddb47caa4c80a626e6c70330439feb4aa30.tar.bz2 android_external_sepolicy-92b10ddb47caa4c80a626e6c70330439feb4aa30.zip |
Eliminate CAP_SYS_MODULE from system_server
Right now, the system_server has the CAP_SYS_MODULE capability. This allows the
system server to install kernel modules. Effectively, system_server is one
kernel module load away from full root access.
Most devices don't need this capability. Remove this capability from
the core SELinux policy. For devices which require this capability,
they can add it to their device-specific SELinux policy without making
any framework code changes.
In particular, most Nexus devices ship with monolithic kernels, so this
capability isn't needed on those devices.
Bug: 7118228
Change-Id: I7f96cc61da8b2476f45ba9570762145778d68cb3
Diffstat (limited to 'system_server.te')
-rw-r--r-- | system_server.te | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/system_server.te b/system_server.te index 191c446..41036b6 100644 --- a/system_server.te +++ b/system_server.te @@ -49,7 +49,6 @@ allow system_server self:capability { net_broadcast net_raw sys_boot - sys_module sys_nice sys_resource sys_time |