diff options
author | Jeff Vander Stoep <jeffv@google.com> | 2016-06-20 15:12:19 -0700 |
---|---|---|
committer | Jeff Vander Stoep <jeffv@google.com> | 2016-06-20 15:12:19 -0700 |
commit | e2cd1a06b19d7789780bd9c1470017bb8aeabf11 (patch) | |
tree | f0db3f275400e93ade6f28b1f03eab4fe8f49006 | |
parent | 09ea21093b8748df749ebcf7734bee0b33e6cbb5 (diff) | |
download | bullhead-nougat-mr1-wear-release.tar.gz |
Remove access to /dev/diag for apps on debug buildsandroid-wear-n-preview-2android-wear-7.1.1_r1android-n-preview-5android-n-iot-preview-2nougat-mr1-wear-releasen-iot-preview-2
Individual app domains may still be explicitly granted access as-is
currently done for platform_app.
Bug: 27349724
Change-Id: Ie4b0b7264d2d9cc73ed75d13e7bbd5fcb3432287
-rw-r--r-- | sepolicy/domain.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sepolicy/domain.te b/sepolicy/domain.te index ef82827..ee24d7f 100644 --- a/sepolicy/domain.te +++ b/sepolicy/domain.te @@ -1,5 +1,5 @@ userdebug_or_eng(` - allow domain diag_device:chr_file rw_file_perms; + allow { domain -appdomain } diag_device:chr_file rw_file_perms; ') r_dir_file(domain, sysfs_socinfo); |