commit | fa56130d4bcb92268d0c8e5051dcbf43459f0fde | |
---|---|---|
author | Bram Bonne <brambonne@google.com> | Mon Apr 25 13:28:52 2022 +0200 |
committer | Bram Bonne <brambonne@google.com> | Thu Apr 28 11:00:49 2022 +0200 |
tree | be075d6c7e87268bb55ac9ea2348cf6624bee4e2 | |
parent | 5ed8b6506119840c32b12b6cb58a68d4d6658db2 | |
Prevent sandbox executing from sdk_sandbox_data_file

Bug: 215105355
Test: make
Change-Id: I73c6a0d5034f194bf7149336fdac1db51a2b151d
Merged-In: I73c6a0d5034f194bf7149336fdac1db51a2b151d
(cherry picked from commit I73c6a0d5034f194bf7149336fdac1db51a2b151d)
diff --git a/private/sdk_sandbox.te b/private/sdk_sandbox.te index b18b7dd..029be53 100644 --- a/private/sdk_sandbox.te +++ b/private/sdk_sandbox.te
@@ -47,7 +47,7 @@ ### neverallow rules ### -neverallow sdk_sandbox { app_data_file privapp_data_file }:file { execute execute_no_trans }; +neverallow sdk_sandbox { app_data_file privapp_data_file sdk_sandbox_data_file }:file { execute execute_no_trans }; # Receive or send uevent messages. neverallow sdk_sandbox domain:netlink_kobject_uevent_socket *;
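Review bot: the extended neverallow on `sdk_sandbox { ... sdk_sandbox_data_file }:file { execute execute_no_trans }` is a compile-time assertion, not a permission removal; the hunk drops no `allow` rule, so the change guards against a future grant rather than altering current behaviour, and the commit message ("Prevent sandbox executing from sdk_sandbox_data_file", "Test: make") would be clearer if it said so and noted that `make` fails the policy build if any allow rule conflicts with the neverallow. Folding the new type into the existing rule alongside `app_data_file` and `privapp_data_file` is the right shape, since all three are app-writable data types that should never be an execution source for the sandbox domain; a one-line comment above the rule explaining why `sdk_sandbox_data_file` belongs in that set would help the next reader.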