Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_sepolicy / bd3e300a1309323e02c7144202acb48f40f11946
commitbd3e300a1309323e02c7144202acb48f40f11946[log] [tgz]
authorNick Kralevich <nnk@google.com>Tue Aug 07 13:44:20 2018 -0700
committerNick Kralevich <nnk@google.com>Tue Aug 07 13:47:36 2018 -0700
tree64d0ceba663f35993bce1f6d6b2d9654e12dc7f7
parentd90d001a780a96bdeb68aae5806ddcd4aaac8c11 [diff]
Relax some neverallow rules

Kernels above 4.14 have a new mmap permission. However, neverallow rules
exclude the use of mmap, even when file FDs are passable across the
vendor/non-vendor boundary. Since we allow reading / writing of passed
file descriptors, also allow the use of mmap for passed file
descriptors.

Bug: 112171217
Test: policy compiles
Change-Id: I8176f86960bdff0cf5de770809510e9df5d62db9
1 file changed
tree: 64d0ceba663f35993bce1f6d6b2d9654e12dc7f7
  1. build/
  2. prebuilts/
  3. private/
  4. public/
  5. reqd_mask/
  6. tests/
  7. tools/
  8. vendor/
  9. Android.bp
  10. Android.mk
  11. CleanSpec.mk
  12. definitions.mk
  13. MODULE_LICENSE_PUBLIC_DOMAIN
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg
  17. README
  18. treble_sepolicy_tests_for_release.mk