sepolicy: Clean up policy for N Change-Id: I39ddec0f60a9995de13b82f09705d246d7e0f454

commit: aa38b56dac3528f810a5ca29e45a87009e7620f7 [log] [tgz]
author: Steve Kondik <steve@cyngn.com> Fri Aug 26 02:31:15 2016 -0700
committer: Steve Kondik <steve@cyngn.com> Fri Aug 26 02:52:20 2016 -0700
tree: 302f7b68de9480f8105a0247aeacbb3fd32d946e
parent: 7d2b6d238b586ddcfe5a5c3167371165cbcc5f85 [diff] [blame]
diff --git a/sepolicy/su.te b/sepolicy/su.te
index 473386b..1a2a2b3 100644
--- a/sepolicy/su.te
+++ b/sepolicy/su.te

@@ -66,4 +66,7 @@
   allow system_app superuser_device:dir { create rw_dir_perms setattr unlink };
 
   allow kernel sudaemon:fd { use };
+
 ')
+
+neverallow { domain userdebug_or_eng(`-dumpstate -shell -su -untrusted_app -init -sudaemon') } su_exec:file no_x_file_perms;
commit	aa38b56dac3528f810a5ca29e45a87009e7620f7	[log] [tgz]
author	Steve Kondik <steve@cyngn.com>	Fri Aug 26 02:31:15 2016 -0700
committer	Steve Kondik <steve@cyngn.com>	Fri Aug 26 02:52:20 2016 -0700
tree	302f7b68de9480f8105a0247aeacbb3fd32d946e
parent	7d2b6d238b586ddcfe5a5c3167371165cbcc5f85 [diff] [blame]