commit | 96b1c9ca6f72f3adfa7f6051568efeb450c3756c | [log] [tgz] |
---|---|---|
author | Nick Kralevich <nnk@google.com> | Thu Dec 17 16:38:21 2015 -0800 |
committer | Nick Kralevich <nnk@google.com> | Thu Dec 17 16:46:08 2015 -0800 |
tree | 4dde10a09983945e086e8a304a4e26ad30f8a919 | |
parent | cf7ee8a8e57a3d0c92bfeb4532dfcd82760ecede [diff] |
neverallow debugfs access Don't allow access to the generic debugfs label. Instead, force relabeling to a more specific type. system_server and dumpstate are excluded from this until I have time to fix them. Tighten up the neverallow rules for untrusted_app. It should never be reading any file on /sys/kernel/debug, regardless of the label. Change-Id: Ic7feff9ba3aca450f1e0b6f253f0b56c7918d0fa