Gitiles
Code Review Sign In
review.blissroms.org / platform_vendor_bliss / 4df29e013d896c547d01fa7d50cbcd57f9a91e5c
commit4df29e013d896c547d01fa7d50cbcd57f9a91e5c[log] [tgz]
authorRicardo Cerqueira <ricardo@cyngn.com>Wed Dec 10 20:28:57 2014 +0000
committerRicardo Cerqueira <ricardo@cyngn.com>Wed Dec 10 20:38:34 2014 +0000
tree3d35cfd4daca7b82aadd851fa629c5e9fade3e3d
parent7cd698341ffe2e58570a2448b033d3e78d3b5250 [diff]
selinux: Workaround for devices with PR_SET_NO_NEW_PRIVS enforcement

PR_SET_NO_NEW_PRIVS blocks domain transitions from within app_process,
unless the new domain is bounded by the app's context. So we can't
switch to a domain that has perms not available to untrusted_app :(

This means any app can talk to the daemon, bypassing the su executable
client. That's not a good thing, and needs to be resolved.

Change-Id: I85b74f90b8737caaa193a0555b5262e7392519b2
1 file changed
tree: 3d35cfd4daca7b82aadd851fa629c5e9fade3e3d
  1. bash_completion/
  2. config/
  3. overlay/
  4. prebuilt/
  5. sepolicy/
  6. .gitignore
  7. CHANGELOG.mkdn
  8. CONTRIBUTORS.mkdn
  9. get-prebuilts
  10. LICENSE
  11. README.mkdn
  12. vendorsetup.sh