Merge "Disallow sysfs_leds to coredomains." am: 5d5284ad93 am: abe248d14d am: 977949e360 Change-Id: I9b145b354413e77e02b67e83f411cec709c7d8e1

commit: 832958ab5df263b48c2f1f1230b95e8b89e5c68a [log] [tgz]
author: Steven Moreland <smoreland@google.com> Fri Jan 19 08:07:25 2018 +0000
committer: android-build-merger <android-build-merger@google.com> Fri Jan 19 08:07:25 2018 +0000
tree: b81534c9126b0eada56e706edf9a56de1e6a9332
parent: 5580de4bdc4825b7a36c64d7ec753e35451f20fa [diff]
parent: 977949e3603ad75e5f2518a4b5413810b7f5d69e [diff]
diff --git a/private/coredomain.te b/private/coredomain.te
index 244c83c..c8f2b1d 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te

@@ -1,2 +1,17 @@
 get_prop(coredomain, pm_prop)
 get_prop(coredomain, exported_pm_prop)
+
+full_treble_only(`
+neverallow {
+    coredomain
+    -init
+    -vendor_init
+
+    # generic access to sysfs_type
+    -ueventd
+    -vold
+    -priv_app
+    -storaged
+    -system_app
+} sysfs_leds:file *;
+')
commit	832958ab5df263b48c2f1f1230b95e8b89e5c68a	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Fri Jan 19 08:07:25 2018 +0000
committer	android-build-merger <android-build-merger@google.com>	Fri Jan 19 08:07:25 2018 +0000
tree	b81534c9126b0eada56e706edf9a56de1e6a9332
parent	5580de4bdc4825b7a36c64d7ec753e35451f20fa [diff]
parent	977949e3603ad75e5f2518a4b5413810b7f5d69e [diff]