Restrict isolated_app's /sys access

isolated_app is strictly limited on the files in /sys which can be accessed. Test: policy compiles. Change-Id: I9f3c00a98cd8c08a3968d8e565bf56b4670a780f
author: Nick Kralevich <nnk@google.com> 2017-10-09 15:13:31 -0700
committer: Nick Kralevich <nnk@google.com> 2017-10-09 15:13:31 -0700
commit: 29c6d8c1ab5543f5394e8c703b5d9679624450f4 (patch)
tree: 82671ebbb98a9972d1d9422e4d0046993a8e914a
parent: 7c62d00eee2dbb8ffd24653d1adc363d131585fb (diff)
download: dragon-29c6d8c1ab5543f5394e8c703b5d9679624450f4.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sepolicy/domain.te b/sepolicy/domain.te
index bddbd2f..d09fe8d 100644
--- a/sepolicy/domain.te
+++ b/sepolicy/domain.te
@@ -1,2 +1,2 @@
 allow domain sysfs_socinfo:dir r_dir_perms;
-allow domain sysfs_socinfo:file r_file_perms;
+allow { domain -isolated_app } sysfs_socinfo:file r_file_perms;
author	Nick Kralevich <nnk@google.com>	2017-10-09 15:13:31 -0700
committer	Nick Kralevich <nnk@google.com>	2017-10-09 15:13:31 -0700
commit	29c6d8c1ab5543f5394e8c703b5d9679624450f4 (patch)
tree	82671ebbb98a9972d1d9422e4d0046993a8e914a
parent	7c62d00eee2dbb8ffd24653d1adc363d131585fb (diff)
download	dragon-29c6d8c1ab5543f5394e8c703b5d9679624450f4.tar.gz