579366a0baf589554a8b7d1e40ad1f5512cc5c0b - android_system_sepolicy

commit	579366a0baf589554a8b7d1e40ad1f5512cc5c0b	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Oct 04 13:28:05 2017 -0700
committer	Nick Kralevich <nnk@google.com>	Thu Oct 05 18:16:46 2017 +0000
tree	c85fed59480b4eb3d03840458e3b106a580c5b2f
parent	7a83d44f7f896ed8896d8d4dd211ed1a2cc94859 [diff]

Ensure /sys restrictions for isolated_apps

isolated_apps are intended to be strictly limited in the /sys files
which can be read. Add a neverallow assertion to guarantee this on all
Android compatible devices.

Test: policy compiles.
Change-Id: I47aceefa3f43a7ea9e526f6f0ef377d0b4efbe3a

private/isolated_app.te[diff]

1 file changed

tree: c85fed59480b4eb3d03840458e3b106a580c5b2f

prebuilts/
private/
public/
reqd_mask/
tests/
tools/
vendor/
Android.bp
Android.mk
CleanSpec.mk
definitions.mk
MODULE_LICENSE_PUBLIC_DOMAIN
NOTICE
OWNERS
PREUPLOAD.cfg
README