diff options
author | Nick Kralevich <nnk@google.com> | 2015-01-14 14:12:14 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-01-14 22:18:24 +0000 |
commit | 99940d1af5719f1622fa2a17f8daf6cb21de3ad1 (patch) | |
tree | 2a9c86455c64d0e8452cb3379ddb4f43aca4ee12 /system_server.te | |
parent | 4a89cdfa89448c8660308a31bfcb517fffaa239e (diff) | |
download | android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.gz android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.bz2 android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.zip |
remove /proc/net read access from domain.te
SELinux domains wanting read access to /proc/net need to
explicitly declare it.
TODO: fixup the ListeningPortsTest cts test so that it's not
broken.
Bug: 9496886
Change-Id: Ia9f1214348ac4051542daa661d35950eb271b2e4
Diffstat (limited to 'system_server.te')
-rw-r--r-- | system_server.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/system_server.te b/system_server.te index 6199eb7..45c4936 100644 --- a/system_server.te +++ b/system_server.te @@ -91,6 +91,7 @@ allow system_server appdomain:file write; # Read/Write to /proc/net/xt_qtaguid/ctrl and and /dev/xt_qtaguid. allow system_server qtaguid_proc:file rw_file_perms; allow system_server qtaguid_device:chr_file rw_file_perms; +r_dir_file(system_server, proc_net) # Write to /proc/sysrq-trigger. allow system_server proc_sysrq:file rw_file_perms; |