| commit | d2af1614115f989402bfe9165e047cf40279efc5 | [log] [tgz] |
|---|---|---|
| author | Ricardo Cerqueira <ricardo@cyngn.com> | Wed Dec 10 20:28:57 2014 +0000 |
| committer | Nicholas Flintham <nick@flinny.org> | Sat Apr 25 10:35:30 2015 +0100 |
| tree | 1bf51788fb6e0a2093701513571b6303fca8b70d | |
| parent | 0814cd32e15fbd0226e03f00ec7fcb575a52db83 [diff] |
selinux: Workaround for devices with PR_SET_NO_NEW_PRIVS enforcement PR_SET_NO_NEW_PRIVS blocks domain transitions from within app_process, unless the new domain is bounded by the app's context. So we can't switch to a domain that has perms not available to untrusted_app :( This means any app can talk to the daemon, bypassing the su executable client. That's not a good thing, and needs to be resolved. Change-Id: I85b74f90b8737caaa193a0555b5262e7392519b2