sepolicy: rules for uid/pid cgroups v2 hierarchy Bug: 168907513 Test: verified the correct working of the v2 uid/pid hierarchy in normal and recovery modes This reverts commit aa8bb3a29b92a342c42c802edac269da5984d1df. Change-Id: Ib344d500ea49b86e862e223ab58a16601eebef47

commit: aa4ce95c6f601c5fa901a12d9f366440bf56c7e2 [log] [tgz]
author: Marco Ballesio <balejs@google.com> Thu Feb 11 15:18:11 2021 -0800
committer: Marco Ballesio <balejs@google.com> Thu Feb 11 23:40:38 2021 +0000
tree: 207658ec84cfd29a88b35b9f82215797beee7f65
parent: e8d2732651edfaf9f32df039216cbf54f247e9ec [diff] [blame]
diff --git a/private/priv_app.te b/private/priv_app.te
index 6e85b42..e5889d1 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te

@@ -240,6 +240,7 @@
 
 # Do not allow priv_app access to cgroups.
 neverallow priv_app cgroup:file *;
+neverallow priv_app cgroup_v2:file *;
 
 # Do not allow loading executable code from non-privileged
 # application home directories. Code loading across a security boundary
commit	aa4ce95c6f601c5fa901a12d9f366440bf56c7e2	[log] [tgz]
author	Marco Ballesio <balejs@google.com>	Thu Feb 11 15:18:11 2021 -0800
committer	Marco Ballesio <balejs@google.com>	Thu Feb 11 23:40:38 2021 +0000
tree	207658ec84cfd29a88b35b9f82215797beee7f65
parent	e8d2732651edfaf9f32df039216cbf54f247e9ec [diff] [blame]