diff options
| author | Nick Kralevich <nnk@google.com> | 2017-10-09 23:50:06 +0000 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2017-10-09 23:50:06 +0000 |
| commit | f71e19ee744a6bbac628a8fe85f9f3f2ccfa64ff (patch) | |
| tree | ce0475dc8da4ed8945b2de27e2d8807e724ae9c2 | |
| parent | e0c88010a0f00b0cfe4a93c773c3546fea8219ae (diff) | |
| parent | ebefa71c2c7628a4e149c137fb26085deafb7e90 (diff) | |
| download | bullhead-f71e19ee744a6bbac628a8fe85f9f3f2ccfa64ff.tar.gz | |
Restrict isolated_app's /sys access am: b67d85fdf6 am: 856272c689
am: ebefa71c2c
Change-Id: Ie5a4016a4a5192d992f28cee367563126ffaca88
| -rw-r--r-- | sepolicy/domain.te | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sepolicy/domain.te b/sepolicy/domain.te index ee24d7f..24869b9 100644 --- a/sepolicy/domain.te +++ b/sepolicy/domain.te @@ -2,7 +2,7 @@ userdebug_or_eng(` allow { domain -appdomain } diag_device:chr_file rw_file_perms; ') -r_dir_file(domain, sysfs_socinfo); -r_dir_file(domain, sysfs_thermal); -r_dir_file(domain, sysfs_power_management); +r_dir_file({ domain -isolated_app }, sysfs_socinfo); +r_dir_file({ domain -isolated_app }, sysfs_thermal); +r_dir_file({ domain -isolated_app }, sysfs_power_management); r_dir_file(domain, sysfs_devices_system_cpu); |