Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 3079d01ad8b02a6bed7c916c7bb6090eca18f8d7
commit3079d01ad8b02a6bed7c916c7bb6090eca18f8d7[log] [tgz]
authorJeff Vander Stoep <jeffv@google.com>Wed Mar 28 15:34:37 2018 -0700
committerJeff Vander Stoep <jeffv@google.com>Thu Mar 29 11:11:23 2018 -0700
tree9271aad410c38befa8eb070629920a5733f0f13a
parentfb735122be6d645db290b7e789255e234c809447 [diff]
Improve neverallows on /proc and /sys

Access to these files was removed in Oreo. Enforce that access is not
granted by partners via neverallow rule.

Also disallow most untrusted app access to net.dns.* properties.

Bug: 77225170
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I85b634af509203393dd2d9311ab5d30c65f157c1
(cherry picked from commit 886aa54bab8f8c941bd32bd3317cc1c6c25ccaf5)
1 file changed
tree: 9271aad410c38befa8eb070629920a5733f0f13a
  1. build/
  2. prebuilts/
  3. private/
  4. public/
  5. reqd_mask/
  6. tests/
  7. tools/
  8. vendor/
  9. Android.bp
  10. Android.mk
  11. CleanSpec.mk
  12. definitions.mk
  13. MODULE_LICENSE_PUBLIC_DOMAIN
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg
  17. README
  18. treble_sepolicy_tests_for_release.mk