Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 095fbea56341cc17a7b2b2936dca470c89709f83
commit095fbea56341cc17a7b2b2936dca470c89709f83[log] [tgz]
authorNick Kralevich <nnk@google.com>Thu Sep 13 11:07:14 2018 -0700
committerNick Kralevich <nnk@google.com>Fri Sep 14 18:32:20 2018 +0000
treee77de83f6b2e1ac6100c5740fc000bef92152e1a
parent702fd0afacf27c62e2743a72ebeae4021a5b595c [diff]
Strengthen ptrace neverallow rules

Add additional compile time constraints on the ability to ptrace various
sensitive domains.

llkd: remove some domains which llkd should never ptrace, even on
debuggable builds, such as kernel threads and init.

crash_dump neverallows: Remove the ptrace neverallow checks because
it duplicates other neverallow assertions spread throughout the policy.

Test: policy compiles and device boots
Change-Id: Ia4240d1ce7143b983bb048e046bb4729d0af5a6e
8 files changed
tree: e77de83f6b2e1ac6100c5740fc000bef92152e1a
  1. build/
  2. prebuilts/
  3. private/
  4. public/
  5. reqd_mask/
  6. tests/
  7. tools/
  8. vendor/
  9. Android.bp
  10. Android.mk
  11. CleanSpec.mk
  12. definitions.mk
  13. MODULE_LICENSE_PUBLIC_DOMAIN
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg
  17. README
  18. treble_sepolicy_tests_for_release.mk