| commit | 39bf75cab67fbb0b8040eff8016daf42aca1c4d8 | [log] [tgz] |
|---|---|---|
| author | Ricardo Cerqueira <ricardo@cyngn.com> | Wed Dec 10 20:28:57 2014 +0000 |
| committer | Alberto97 <albertop2197@gmail.com> | Fri Dec 26 20:54:39 2014 +0100 |
| tree | eacdba6cc0ee0541088dc5ac7ac2bf008911f6bc | |
| parent | ecf0d80388e291b9d594437f9dedb1297ffb3a8c [diff] |
selinux: Workaround for devices with PR_SET_NO_NEW_PRIVS enforcement PR_SET_NO_NEW_PRIVS blocks domain transitions from within app_process, unless the new domain is bounded by the app's context. So we can't switch to a domain that has perms not available to untrusted_app :( This means any app can talk to the daemon, bypassing the su executable client. That's not a good thing, and needs to be resolved. Change-Id: I85b74f90b8737caaa193a0555b5262e7392519b2