Merge "Restrict functions for vold"

commit: 8a441b6a937559adfd49968680eb6afe8bbe269a [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Mon Sep 11 18:31:16 2017 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Sep 11 18:31:16 2017 +0000
tree: 7e2aa8dcf1fdd1792d83e6c6aa5f5bfa31869fa7
parent: fdedacd6295092c171509f6f94aaca7fae7fda17 [diff]
parent: f295758caeab2628d671d06d983088eaf25a493c [diff]
diff --git a/public/vold.te b/public/vold.te
index 99f0bb3..118244a 100644
--- a/public/vold.te
+++ b/public/vold.te

@@ -190,3 +190,5 @@
 
 neverallow vold fsck_exec:file execute_no_trans;
 neverallow { domain -init } vold:process { transition dyntransition };
+neverallow vold *:process ptrace;
+neverallow vold *:rawip_socket *;
commit	8a441b6a937559adfd49968680eb6afe8bbe269a	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Mon Sep 11 18:31:16 2017 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Sep 11 18:31:16 2017 +0000
tree	7e2aa8dcf1fdd1792d83e6c6aa5f5bfa31869fa7
parent	fdedacd6295092c171509f6f94aaca7fae7fda17 [diff]
parent	f295758caeab2628d671d06d983088eaf25a493c [diff]