Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_frameworks_base / 1da49dc9b4f5605990f600e15f6f3c584fe2c0dc
commit1da49dc9b4f5605990f600e15f6f3c584fe2c0dc[log] [tgz]
authorMÃ¥rten Kongstad <marten.kongstad@sony.com>Mon Jan 14 10:03:53 2019 +0100
committerTodd Kennedy <toddke@google.com>Fri Jan 18 10:05:48 2019 -0800
tree4b2257c309d93e4aafbf07a4a13a0b9347b7d760
parent793f1a793c2b9cd8f7356b83b8a2e5fd8d444e9b [diff]
idmap2: lock down write access to /data/resouce-cache

Deny write access to /data/resource-cache for UIDs other than root and
system. While this is already handled by SELinux rules, add an
additional layer of security to explicitly prevent malicious apps from
messing with the system's idmap files.

Test: make idmap2_tests
Change-Id: Id986633558d5d02452276f05f64337a8700f148a
6 files changed
tree: 4b2257c309d93e4aafbf07a4a13a0b9347b7d760
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. libs/
  12. location/
  13. lowpan/
  14. media/
  15. native/
  16. nfc-extras/
  17. obex/
  18. opengl/
  19. packages/
  20. proto/
  21. rs/
  22. samples/
  23. sax/
  24. services/
  25. startop/
  26. telecomm/
  27. telephony/
  28. test-base/
  29. test-legacy/
  30. test-mock/
  31. test-runner/
  32. tests/
  33. tools/
  34. wifi/
  35. .gitignore
  36. Android.bp
  37. Android.mk
  38. CleanSpec.mk
  39. MODULE_LICENSE_APACHE2
  40. NOTICE
  41. pathmap.mk
  42. PREUPLOAD.cfg