Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 886aa54bab8f8c941bd32bd3317cc1c6c25ccaf5
commit886aa54bab8f8c941bd32bd3317cc1c6c25ccaf5[log] [tgz]
authorJeff Vander Stoep <jeffv@google.com>Wed Mar 28 15:34:37 2018 -0700
committerJeff Vander Stoep <jeffv@google.com>Wed Mar 28 15:56:36 2018 -0700
tree902d85901226ad4ce0b0ca9f08a58b12d9d2853d
parentc22f97119522920a7ce48e01d52d39b3ae39bd8f [diff]
Improve neverallows on /proc and /sys

Access to these files was removed in Oreo. Enforce that access is not
granted by partners via neverallow rule.

Also disallow most untrusted app access to net.dns.* properties.

Bug: 77225170
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I85b634af509203393dd2d9311ab5d30c65f157c1
1 file changed
tree: 902d85901226ad4ce0b0ca9f08a58b12d9d2853d
  1. build/
  2. prebuilts/
  3. private/
  4. public/
  5. reqd_mask/
  6. tests/
  7. tools/
  8. vendor/
  9. Android.bp
  10. Android.mk
  11. CleanSpec.mk
  12. definitions.mk
  13. MODULE_LICENSE_PUBLIC_DOMAIN
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg
  17. README
  18. treble_sepolicy_tests_for_release.mk