| commit | b84c86b21127be48850a3c533ee1a1da3bc0e195 | [log] [tgz] |
|---|---|---|
| author | dcashman <dcashman@google.com> | Thu May 12 15:49:02 2016 -0700 |
| committer | dcashman <dcashman@google.com> | Thu May 12 16:02:34 2016 -0700 |
| tree | c775799a16a40edcfc073dbea0730b2e46f3d14b | |
| parent | 1cfdb12a98eca625b82463eda79103f7aca7b406 [diff] |
DO NOT MERGE. Remove isolated_app's ability to read sysfs. untrusted_app lost the ability to read files labeled as sysfs to prevent information leakage, but this is trivially bypassable by spawning an isolated app, since this was not taken away from isolated app. Privileges should not be gained by launching an isolated app, and this one directly defeats that hardeneing. Remove this access. Bug: 28722489 Change-Id: I61d3678eca515351c9dbe4444ee39d0c89db7a3e