| commit | bc24ba72839468ff76f46c47d27c2f07d98c8fd7 | [log] [tgz] |
|---|---|---|
| author | Yi Jin <jinyithu@google.com> | Mon Jan 22 14:00:46 2018 -0800 |
| committer | Yi Jin <jinyithu@google.com> | Tue Jan 23 19:08:49 2018 +0000 |
| tree | 4333b81ab7430d6c7d07c521546fe1e09e8aa435 | |
| parent | 0a2f8627154924ae3fce912c10b508b20208419a [diff] [blame] |
Selinux permissions for incidentd project Bug: 64222712 Test: manual Change-Id: Ica77ae3c9e535eddac9fccf11710b0bcb3254ab3
diff --git a/private/incident.te b/private/incident.te index b910dde..2038816 100644 --- a/private/incident.te +++ b/private/incident.te
@@ -23,3 +23,5 @@ binder_call(incident, incidentd) allow incident incidentd:fifo_file write; +# only allow incident being called by shell +neverallow { domain -su -shell -incident } incident_exec:file { execute execute_no_trans };