diff options
| author | Nick Kralevich <nnk@google.com> | 2017-10-09 23:48:15 +0000 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2017-10-09 23:48:15 +0000 |
| commit | ebefa71c2c7628a4e149c137fb26085deafb7e90 (patch) | |
| tree | ec05f02dc53fc266803ea8894d36661796bd3afa | |
| parent | f778044bcafae80645acb73e5b557d62587fca03 (diff) | |
| parent | 856272c6890a909cf043c3070f82f54e224b7f8f (diff) | |
| download | bullhead-ebefa71c2c7628a4e149c137fb26085deafb7e90.tar.gz | |
Restrict isolated_app's /sys access am: b67d85fdf6
am: 856272c689
Change-Id: I6f0b001afbd4e0c90b6afb8f88e59a0c39fabfc0
| -rw-r--r-- | sepolicy/domain.te | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sepolicy/domain.te b/sepolicy/domain.te index ee24d7f..24869b9 100644 --- a/sepolicy/domain.te +++ b/sepolicy/domain.te @@ -2,7 +2,7 @@ userdebug_or_eng(` allow { domain -appdomain } diag_device:chr_file rw_file_perms; ') -r_dir_file(domain, sysfs_socinfo); -r_dir_file(domain, sysfs_thermal); -r_dir_file(domain, sysfs_power_management); +r_dir_file({ domain -isolated_app }, sysfs_socinfo); +r_dir_file({ domain -isolated_app }, sysfs_thermal); +r_dir_file({ domain -isolated_app }, sysfs_power_management); r_dir_file(domain, sysfs_devices_system_cpu); |