| commit | e96c3abe2e86f3ecdfdb7770629e9f73ff1e96d1 | [log] [tgz] |
|---|---|---|
| author | dcashman <dcashman@google.com> | Tue Apr 14 11:21:46 2015 -0700 |
| committer | dcashman <dcashman@google.com> | Tue Apr 14 11:29:20 2015 -0700 |
| tree | 1430e729497d4d5d05c7a894436fa071d4d0e322 | |
| parent | dd156fc377c2892752fb5b38c5cca4c3e7484054 [diff] |
Add neverallow for mounting on proc Change-Id: Ie19ac00f2e96836667e8a5c18fafeaf6b6eadb25
diff --git a/domain.te b/domain.te index 87ec2ee..c7fe3be 100644 --- a/domain.te +++ b/domain.te
@@ -397,3 +397,5 @@ # TODO: prohibit non-zygote spawned processes from using shared libraries # with text relocations. b/20013628 . # neverallow { domain -appdomain } file_type:file execmod; + +neverallow { domain -init } proc:{ file dir } mounton;