strengthen debugfs neverallows The comments here suggest they intended to put stronger rules in place. Bug: 281877578 Test: boot Change-Id: I4c837c2e0f86f648c212fa7915275cd75319e663

commit: b56bf68763bcb2a47fae192b57c8b67d9fcd25c3 [log] [tgz]
author: Steven Moreland <smoreland@google.com> Mon May 22 23:02:24 2023 +0000
committer: Steven Moreland <smoreland@google.com> Mon May 22 23:02:24 2023 +0000
tree: 14fd2df0283b4810a94afbc21527864b825fb443
parent: 8634a8859553cf42be4815bccf5c5f0322602efe [diff] [blame]
diff --git a/private/priv_app.te b/private/priv_app.te
index cfd8721..b455732 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te

@@ -218,7 +218,7 @@
 
 # Too much leaky information in debugfs. It's a security
 # best practice to ensure these files aren't readable.
-neverallow priv_app debugfs:file read;
+neverallow priv_app debugfs_type:file read;
 
 # Do not allow privileged apps to register services.
 # Only trusted components of Android should be registering
commit	b56bf68763bcb2a47fae192b57c8b67d9fcd25c3	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Mon May 22 23:02:24 2023 +0000
committer	Steven Moreland <smoreland@google.com>	Mon May 22 23:02:24 2023 +0000
tree	14fd2df0283b4810a94afbc21527864b825fb443
parent	8634a8859553cf42be4815bccf5c5f0322602efe [diff] [blame]