commit | be98d9cff3af80438239662605c5cf9b757a2df6 | |
---|---|---|
author | Nick Kralevich <nnk@google.com> | Sat Aug 22 14:47:00 2015 -0700 |
committer | Nick Kralevich <nnk@google.com> | Sat Aug 22 14:47:00 2015 -0700 |
tree | 45042d984be19d1cd1e77ed7f3494a82171d6652 | |
parent | acfd140c045d0bd295389a508ef6952acefb91fc | |

Add /data/local/tmp neverallow rules

Add a neverallow rule (compile time assertion) for /data/local/tmp access. /data/local/tmp is intended entirely for the shell user, and it's dangerous for other SELinux domains to access it.

See, for example, this commit from 2012:

https://android.googlesource.com/platform/system/core/+/f3ef1271f225d9f00bb4ebb0573eb3e03829f9a8

Change-Id: I5a7928ae2b51a574fad4e572b09e60e05b121cfe
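To illustrate what "compile time assertion" means here, the following added example (not part of this commit or of the Android policy sources) models a simplified neverallow check in Python: every `allow` rule is compared against each `neverallow`, and any overlap is reported as a build-breaking violation. The type name `shell_data_file` for /data/local/tmp, the domain list and all rules in `POLICY` are assumptions constructed for this sketch.

```python
import re

# Constructed attribute map (assumption): which types carry the "domain" attribute.
ATTRS = {"domain": {"shell", "adbd", "untrusted_app", "mediaserver"}}

# Constructed sample policy; the neverallow is illustrative, not the commit's rule.
POLICY = """
neverallow { domain -shell -adbd } shell_data_file:file { create write };
allow shell shell_data_file:file { create read write };
allow mediaserver shell_data_file:file { read write };
allow untrusted_app shell_data_file:file read;
"""

RULE = re.compile(
    r"^(allow|neverallow)\s+(\{[^}]*\}|\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+);$")

def expand(spec):
    """Expand 'a', '{ a b }' or '{ attr -x }' into a concrete set of types."""
    include, exclude = set(), set()
    for tok in spec.strip("{} ").split():
        name = tok.lstrip("-")
        (exclude if tok.startswith("-") else include).update(
            ATTRS.get(name, {name}))
    return include - exclude

def check(policy):
    """Return (domain, type, class, perms) for each allow that a neverallow forbids."""
    allows, nevers = [], []
    for line in policy.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError("unparsed rule: " + line)
        kind, src, tgt, cls, prm = m.groups()
        rule = (expand(src), tgt, cls, set(prm.strip("{} ").split()))
        (allows if kind == "allow" else nevers).append(rule)
    violations = []
    for n_src, n_tgt, n_cls, n_prm in nevers:
        for a_src, a_tgt, a_cls, a_prm in allows:
            bad = a_prm & n_prm
            if (a_tgt, a_cls) == (n_tgt, n_cls) and bad:
                for dom in sorted(a_src & n_src):
                    violations.append((dom, n_tgt, n_cls, sorted(bad)))
    return violations

if __name__ == "__main__":
    for v in check(POLICY):
        print("neverallow violated:", v)
```

In this model the build fails on the `mediaserver` rule, while the read-only `untrusted_app` rule passes because the constructed neverallow names only `create` and `write`.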