seandroid
  Untitled project
  external/sepolicy


Stephen Smalley  committed 3f19684 Merge

Merge branch 'seandroid' into intent_mac

  • Parent commits 3ba3df9, d0d4709

zygote.te

 typeattribute zygote mlstrustedsubject;
 # Override DAC on files and switch uid/gid.
 allow zygote self:capability { dac_override setgid setuid };
+# Drop capabilities from bounding set.
+allow zygote self:capability setpcap;
 # Switch SELinux context to app domains.
 allow zygote system:process dyntransition;
 allow zygote appdomain:process dyntransition;