287 files changed, 177798 insertions, 0 deletions
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te new file mode 100644 index 0000000..683ea47 --- a/dev/null +++ b/sepolicy/zygote.te @@ -0,0 +1,13 @@ +allow zygote cpuctl_device:dir search; +allow zygote self:process execmem; +allow zygote mediaserver:process { getpgid setpgid }; + +allow zygote untrusted_app:process ptrace; + +allow zygote self:capability sys_nice; + +get_prop(zygote, media_prop) + +allow zygote kernel:system module_request; + +allow zygote vendor_file:file { read open getattr execute }; |