Merge "appdomain: neverallow direct input_device access"

commit: 9cc3a580c55f2114a816a151d0df5134dce7fa8e [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Mon Aug 08 17:16:57 2016 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Aug 08 17:16:57 2016 +0000
tree: 3f66c43b3372334506d854bcb5622e18303497e0
parent: 5423db6eb3622183a201eaaa7b39bcbf788eecdb [diff]
parent: e83b9f037c47f004391a8c947303a48548f79838 [diff]
diff --git a/app.te b/app.te
index 70b1c94..f166caa 100644
--- a/app.te
+++ b/app.te

@@ -405,3 +405,9 @@
   system_file
   tmpfs
 }:lnk_file no_w_file_perms;
+
+# Applications should use the activity model for receiving events
+neverallow {
+  appdomain
+  -shell # bugreport
+} input_device:chr_file ~getattr;
commit	9cc3a580c55f2114a816a151d0df5134dce7fa8e	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Mon Aug 08 17:16:57 2016 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Aug 08 17:16:57 2016 +0000
tree	3f66c43b3372334506d854bcb5622e18303497e0
parent	5423db6eb3622183a201eaaa7b39bcbf788eecdb [diff]
parent	e83b9f037c47f004391a8c947303a48548f79838 [diff]