Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / e0bbb9f85a5df8512d28c16aaafa5fabef52e5a7
commite0bbb9f85a5df8512d28c16aaafa5fabef52e5a7[log] [tgz]
authorMartijn Coenen <maco@google.com>Thu Jan 24 20:07:20 2019 +0100
committerMartijn Coenen <maco@google.com>Thu Jan 24 20:27:54 2019 +0000
tree250e973096453f867b55dc948cd62f75cbab16a7
parent74ea1f29eb4098efc614ae6b86161421530acf7f [diff]
Add more neverallows to app_zygote policy.

The app_zygote should never use any unix sockets, except the
logd socket and some sockets only available on userdebug/eng.

Prevent it from using ptrace.

Bug: 111434506
Test: builds
Change-Id: Ic47cfca51fba0b150a136194ba0e4a8a488c9996
1 file changed
tree: 250e973096453f867b55dc948cd62f75cbab16a7
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. definitions.mk
  15. MODULE_LICENSE_PUBLIC_DOMAIN
  16. NOTICE
  17. OWNERS
  18. PREUPLOAD.cfg
  19. README
  20. treble_sepolicy_tests_for_release.mk