9a19885c4cbb2ded4dd0833d38636e6bd2c2c802 - LeafOS-Project/android_system_sepolicy

commit	9a19885c4cbb2ded4dd0833d38636e6bd2c2c802	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Jul 12 21:28:41 2013 -0700
committer	Nick Kralevich <nnk@google.com>	Fri Jul 12 21:28:41 2013 -0700
tree	93db7dfe7f85566afd0e2b060e0ce4a2e0c78179
parent	748fdef626d1dda2a0a727ea35d85d04363f5307 [diff]

remove "self:process ptrace" from domain, netd neverallow rules

Remove "self:process ptrace" from all SELinux enforced domains.
In general, a process should never need to ptrace itself.
We can add this back to more narrowly scoped domains as needed.

Add a bunch of neverallow assertions to netd.te, to verify that netd
never gets unexpected capabilities.

Change-Id: Ie862dc95bec84068536bb64705667e36210c5f4e

domain.te[diff]
netd.te[diff]

2 files changed

tree: 93db7dfe7f85566afd0e2b060e0ce4a2e0c78179