Move compatibility files out of prebuilts dir. am: 78b3d573da
am: 43c8ea3b4d
Change-Id: I6962a57683745fd917bacef13996627f3d32bb14
diff --git a/Android.mk b/Android.mk
index 1c9295e..f12ba96 100644
--- a/Android.mk
+++ b/Android.mk
@@ -194,12 +194,12 @@
plat_sepolicy.cil \
plat_and_mapping_sepolicy.cil.sha256 \
secilc \
- plat_sepolicy_vers.txt
+ plat_sepolicy_vers.txt \
ifneq ($(with_asan),true)
LOCAL_REQUIRED_MODULES += \
treble_sepolicy_tests \
- sepolicy_tests
+
endif
# Include precompiled policy, unless told otherwise
@@ -213,7 +213,13 @@
LOCAL_REQUIRED_MODULES += \
nonplat_file_contexts \
- plat_file_contexts
+ plat_file_contexts \
+
+ifneq ($(with_asan),true)
+LOCAL_REQUIRED_MODULES += \
+ sepolicy_tests \
+
+endif
include $(BUILD_PHONY_PACKAGE)
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 46c7e22..26fe3d0 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -113,6 +113,9 @@
# Avoid all access to kernel configuration
neverallow all_untrusted_apps config_gz:file { no_rw_file_perms no_x_file_perms };
+# Only system_server can access proc_uid_time_in_state
+neverallow { domain -init -system_server } proc_uid_time_in_state:file *;
+
# Do not allow untrusted apps access to preloads data files
neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;