Merge "Disallow sysfs_leds to coredomains." am: 5d5284ad93 am: abe248d14d Change-Id: Id7202a1c4a991e0f130bf34a0adb7f913434a617

commit: 977949e3603ad75e5f2518a4b5413810b7f5d69e [log] [tgz]
author: Steven Moreland <smoreland@google.com> Fri Jan 19 08:01:58 2018 +0000
committer: android-build-merger <android-build-merger@google.com> Fri Jan 19 08:01:58 2018 +0000
tree: 6206f8d93227f9a0603baf2d0a96bbc5d6696323
parent: 0399f1e4520390e91726597d765b6daf3796bd93 [diff]
parent: abe248d14d4af51ad931acdd6a9b08221dada311 [diff]
diff --git a/private/coredomain.te b/private/coredomain.te
index 244c83c..c8f2b1d 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te

@@ -1,2 +1,17 @@
 get_prop(coredomain, pm_prop)
 get_prop(coredomain, exported_pm_prop)
+
+full_treble_only(`
+neverallow {
+    coredomain
+    -init
+    -vendor_init
+
+    # generic access to sysfs_type
+    -ueventd
+    -vold
+    -priv_app
+    -storaged
+    -system_app
+} sysfs_leds:file *;
+')
commit	977949e3603ad75e5f2518a4b5413810b7f5d69e	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Fri Jan 19 08:01:58 2018 +0000
committer	android-build-merger <android-build-merger@google.com>	Fri Jan 19 08:01:58 2018 +0000
tree	6206f8d93227f9a0603baf2d0a96bbc5d6696323
parent	0399f1e4520390e91726597d765b6daf3796bd93 [diff]
parent	abe248d14d4af51ad931acdd6a9b08221dada311 [diff]