Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 929da014e6f2c4e97638f28c1b3bb6490122ea53
commit929da014e6f2c4e97638f28c1b3bb6490122ea53[log] [tgz]
authorNick Kralevich <nnk@google.com>Thu Feb 16 12:04:40 2017 -0800
committerNick Kralevich <nnk@google.com>Thu Feb 16 12:07:01 2017 -0800
tree53471978162d48fe57b12ba0dbeb58c32cde2687
parentd419ed8fb7ad8ef7fa02d9841f1a52115285904b [diff]
Label /proc/config.gz

Add a label to /proc/config.gz, so we can distinguish this file from
other /proc files in security policy.

For now, only init is allowed read access. All others are denied.
TODO: clarify exactly who needs access. Further access will be granted
in a future commit.

Bug: 35126415
Test: policy compiles and no device boot problems.
Change-Id: I8b480890495ce5b8aa3f8c7eb00e14159f177860
2 files changed
tree: 53471978162d48fe57b12ba0dbeb58c32cde2687
  1. private/
  2. public/
  3. reqd_mask/
  4. tools/
  5. vendor/
  6. Android.mk
  7. CleanSpec.mk
  8. MODULE_LICENSE_PUBLIC_DOMAIN
  9. NOTICE
  10. PREUPLOAD.cfg
  11. README