Only allow supplemental_process to execute from read-only locations

Test: atest SupplementalProcessTest
Bug: 215105355

Ignore-AOSP-First: Cherry picking internally first to rename. Will be cherry-picked to AOSP right after.

Change-Id: I1b6d1a778cb658bdfd930b684e4ba0640031b226
Merged-In: I1b6d1a778cb658bdfd930b684e4ba0640031b226
(cherry picked from commit 8ea8587abb208d6cfb0261dc5743a1c008c6d05d)
diff --git a/private/app.te b/private/app.te
index 3049491..d020c38 100644
--- a/private/app.te
+++ b/private/app.te
@@ -476,6 +476,7 @@
   nfc
   radio
   shared_relro
+  supplemental_process
   system_app
 } {
   data_file_type
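Review bot: The new `supplemental_process` entry (new line 479) lands in a domain set whose rule head and permission set are outside the hunk, so nothing visible here ties it to the "execute from read-only locations" restriction in the commit message. All the context shows is the domain list closing with `} {` and the target set opening with `data_file_type`. Consider a one-line comment above the domain list, or a sentence in the commit message, naming the rule being extended and the permissions it covers, so the intent survives future edits to this list. The entry keeps the list's alphabetical order (after `shared_relro`, before `system_app`). It would also help to state whether `atest SupplementalProcessTest` includes a negative case that attempts execution from a `data_file_type` file, since the Test line alone does not show that the restriction is exercised.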