Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 8f08456a94b629875a3792dac68c1dd5ac7cd5f5
commit8f08456a94b629875a3792dac68c1dd5ac7cd5f5[log] [tgz]
authorNick Kralevich <nnk@google.com>Tue Oct 02 21:43:20 2018 -0700
committerNick Kralevich <nnk@google.com>Tue Oct 02 21:43:20 2018 -0700
tree02ccd414294d1aa2a9ff4d51b385185eedb8211f
parent7b785a9f5becdeef7ee8dbf62813e5eb44d79b41 [diff]
isolated_apps: no socket create

Isolated apps provide a very strict security guarantee, including the
inability to create networking sockets like TCP / UDP sockets. Add an
SELinux neverallow assertion to test for this and prevent regressions.

Test: policy compiles.
Change-Id: I2618abb17375707eb1048e89faa46f57d33e1df4
1 file changed
tree: 02ccd414294d1aa2a9ff4d51b385185eedb8211f
  1. build/
  2. prebuilts/
  3. private/
  4. public/
  5. reqd_mask/
  6. tests/
  7. tools/
  8. vendor/
  9. Android.bp
  10. Android.mk
  11. CleanSpec.mk
  12. definitions.mk
  13. MODULE_LICENSE_PUBLIC_DOMAIN
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg
  17. README
  18. treble_sepolicy_tests_for_release.mk