Restrict isolated_app's /sys access

am: 29c6d8c1ab Change-Id: I646e8a5690768ea43d3a2a8657d2436efbfa3040
author: Nick Kralevich <nnk@google.com> 2017-10-09 23:38:11 +0000
committer: android-build-merger <android-build-merger@google.com> 2017-10-09 23:38:11 +0000
commit: 551cbe6ab20d8b4afe51c5749368b52fa582e778 (patch)
tree: ac3badcd6711d5840a709645dcf0f7683d5a7bde
parent: 603635710d5547b5c1f211d1be8cbb0fc88a973e (diff)
parent: 29c6d8c1ab5543f5394e8c703b5d9679624450f4 (diff)
download: dragon-551cbe6ab20d8b4afe51c5749368b52fa582e778.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sepolicy/domain.te b/sepolicy/domain.te
index bddbd2f..d09fe8d 100644
--- a/sepolicy/domain.te
+++ b/sepolicy/domain.te
@@ -1,2 +1,2 @@
 allow domain sysfs_socinfo:dir r_dir_perms;
-allow domain sysfs_socinfo:file r_file_perms;
+allow { domain -isolated_app } sysfs_socinfo:file r_file_perms;
author	Nick Kralevich <nnk@google.com>	2017-10-09 23:38:11 +0000
committer	android-build-merger <android-build-merger@google.com>	2017-10-09 23:38:11 +0000
commit	551cbe6ab20d8b4afe51c5749368b52fa582e778 (patch)
tree	ac3badcd6711d5840a709645dcf0f7683d5a7bde
parent	603635710d5547b5c1f211d1be8cbb0fc88a973e (diff)
parent	29c6d8c1ab5543f5394e8c703b5d9679624450f4 (diff)
download	dragon-551cbe6ab20d8b4afe51c5749368b52fa582e778.tar.gz