author | Nick Kralevich <nnk@google.com> | 2015-01-30 21:16:13 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-01-30 21:16:13 +0000 |
commit | f4c0a09bd3c77486faf53eb0c89fdc720dd10353 (patch) | |
tree | 13e556d9bfbb46adafffc9357ad83c8b52ca6c1f /system_server.te | |
parent | 8e89c8e9d2c18bd1ea14bfdebb8c503269752d95 (diff) | |
parent | 437f713936148eb0cf3eb277eab72b07a1d533ca (diff) | |
am 437f7139: am 361cdaff: system_server: neverallow dex2oat exec
* commit '437f713936148eb0cf3eb277eab72b07a1d533ca':
system_server: neverallow dex2oat exec
Diffstat (limited to 'system_server.te')
-rw-r--r-- | system_server.te | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/system_server.te b/system_server.te index c67f2f9..51e40eb 100644 --- a/system_server.te +++ b/system_server.te @@ -489,3 +489,9 @@ neverallow system_server sdcard_type:file rw_file_perms; # Types extracted from seapp_contexts type= fields, excluding # those types that system_server needs to open directly. neverallow system_server { bluetooth_data_file nfc_data_file shell_data_file app_data_file }:file open; + +# system_server should never be executing dex2oat. This is either +# a bug (for example, bug 16317188), or represents an attempt by +# system server to dynamically load a dex file, something we do not +# want to allow. +neverallow system_server dex2oat_exec:file no_x_file_perms; |
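Review bot: The comment above the new neverallow in system_server.te cites "bug 16317188" as its only example, which tells a reader without tracker access nothing about the failure; add a few words describing what system_server did in that bug so the intent can be reviewed from the policy file alone. The same comment writes "system server" in its third line where the rule itself uses the domain name system_server, and keeping the identifier exact makes the comment greppable. Finally, no_x_file_perms is not defined anywhere in this hunk, so please confirm it expands to both execute and execute_no_trans; the comment says system_server should never be executing dex2oat, and that only holds if the rule covers execution both with and without a domain transition.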