1. seandroid
  2. Untitled project
  3. external/sepolicy


Stephen Smalley  committed 3f19684 Merge

Merge branch 'seandroid' into intent_mac

  • Participants
  • Parent commits 3ba3df9, d0d4709

Comments (0)

Files changed (1)

File zygote.te

View file
  • Ignore whitespace
 typeattribute zygote mlstrustedsubject;
 # Override DAC on files and switch uid/gid.
 allow zygote self:capability { dac_override setgid setuid };
+# Drop capabilities from bounding set.
+allow zygote self:capability setpcap;
 # Switch SELinux context to app domains.
 allow zygote system:process dyntransition;
 allow zygote appdomain:process dyntransition;