diff options
author | Nick Kralevich <nnk@google.com> | 2014-07-09 18:58:04 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-07-09 18:58:04 -0700 |
commit | 99d86c7a77d402a106a1b3fe57af06dbb231c750 (patch) | |
tree | ab968f0891540f9ae952c0f5edf984ad45ec37ec /untrusted_app.te | |
parent | 5d60f04e5d43d084992d59c38a631a034b88e715 (diff) | |
download | android_external_sepolicy-99d86c7a77d402a106a1b3fe57af06dbb231c750.tar.gz android_external_sepolicy-99d86c7a77d402a106a1b3fe57af06dbb231c750.tar.bz2 android_external_sepolicy-99d86c7a77d402a106a1b3fe57af06dbb231c750.zip |
ensure that untrusted_app can't set properties
Bug: 10243159
Change-Id: I9409fe8898c446a33515f1bee2990f36a2e11535
Diffstat (limited to 'untrusted_app.te')
-rw-r--r-- | untrusted_app.te | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/untrusted_app.te b/untrusted_app.te index 35b3248..720e8f2 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -76,3 +76,9 @@ neverallow untrusted_app debugfs:file read; # Only trusted components of Android should be registering # services. neverallow untrusted_app service_manager_type:service_manager add; + +# Don't allow untrusted_apps to connect to the property service +# or set properties. b/10243159 +neverallow untrusted_app property_socket:sock_file write; +neverallow untrusted_app init:unix_stream_socket connectto; +neverallow untrusted_app property_type:property_service set; |