author | Nick Kralevich <nnk@google.com> | 2017-10-09 15:13:31 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2017-10-09 15:13:31 -0700 |
commit | 29c6d8c1ab5543f5394e8c703b5d9679624450f4 (patch) | |
tree | 82671ebbb98a9972d1d9422e4d0046993a8e914a | |
parent | 7c62d00eee2dbb8ffd24653d1adc363d131585fb (diff) | |
download | dragon-29c6d8c1ab5543f5394e8c703b5d9679624450f4.tar.gz |
Restrict isolated_app's /sys access

isolated_app is strictly limited on the files in /sys which can be
accessed.

Test: policy compiles.
Change-Id: I9f3c00a98cd8c08a3968d8e565bf56b4670a780f
-rw-r--r-- | sepolicy/domain.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sepolicy/domain.te b/sepolicy/domain.te index bddbd2f..d09fe8d 100644 --- a/sepolicy/domain.te +++ b/sepolicy/domain.te @@ -1,2 +1,2 @@ allow domain sysfs_socinfo:dir r_dir_perms; -allow domain sysfs_socinfo:file r_file_perms; +allow { domain -isolated_app } sysfs_socinfo:file r_file_perms; |
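Review bot: The unchanged first line of this hunk, `allow domain sysfs_socinfo:dir r_dir_perms;`, still grants isolated_app read and search on the sysfs_socinfo directory, so only the file half of the access is removed. If isolated_app has no use for the directory either, apply the same `{ domain -isolated_app }` set to the dir rule. If the directory access is kept on purpose, a one-line comment in domain.te saying why would keep the asymmetry from being "fixed" later. Since the only test listed is that the policy compiles, consider stating the restriction as a neverallow as well, so that a later allow rule re-granting isolated_app access to sysfs_socinfo files fails at build time instead of passing silently.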