Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3380927e authored by Alex Klyubin's avatar Alex Klyubin
Browse files

Make secilc accessible by root only 

There's no reason for SELinux policy compiler to be accessible by
anybode other than root.

Test: Device boots -- secilc isn't used yet anyway
Bug: 31363362
Change-Id: I26cf34f1412b8dd471f79271c491b473617a6df6
parent 7a5d535c

libcutils/fs_config.c

+1 −0
Original line number Diff line number Diff line
@@ -180,6 +180,7 @@ static const struct fs_path_config android_files[] = { 
    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/crash_dump32" },

    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/crash_dump64" },

    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/debuggerd" },

    { 00700, AID_ROOT,      AID_ROOT,      0, "system/bin/secilc" },

    { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/uncrypt" },

    { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/install-recovery.sh" },

    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/*" },