This website requires JavaScript.
Explore
Help
Register
Sign In
tequilaOS
/
platform_system_sepolicy
Watch
2
Star
0
Fork
You've already forked platform_system_sepolicy
0
Code
Issues
Pull requests
Projects
Releases
Packages
Wiki
Activity
c09e7e4674
platform_system_sepolicy
/
vendor
/
vndservice_contexts
3 lines
130 B
Text
Raw
Normal View
History
Unescape
Escape
Allow vndservicemanager to self-register. This is useful for tools like dumpsys, so that they work on all services equally as well. Also, so that there is no difference with the regular service manager. Bug: 150579832 Test: 'adb shell /vendor/bin/dumpsys -l' shows 'manager' Test: denial is no longer present: 03-05 12:23:47.346 221 221 E SELinux : avc: denied { add } for pid=221 uid=1000 name=manager scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:service_manager_vndservice:s0 tclass=service_manager permissive=0 Change-Id: Id6126e8277462a2c4d5f6022ab67a4bacaa3241e
2020-03-05 18:41:37 +01:00
manager u:object_r:service_manager_vndservice:s0
Add default label and mapping for vendor services Adding the default label/mapping is important because: 1. Lookups of services without an selinux label should generate a denial. 2. In permissive mode, lookups of a service without a label should be be allowed, without the default label service manager disallows access. 3. We can neverallow use of the default label. Bug: 37762790 Test: Build and flash policy onto Marlin with unlabeled vendor services. Add/find of unlabeled vendor services generate a denial. Change-Id: I66531deedc3f9b79616f5d0681c87ed66aca5b80 (cherry picked from commit 639a2b842c78197e153913efbf20ac4df1fe378d)
2017-04-28 21:45:30 +02:00
* u:object_r:default_android_vndservice:s0
Reference in a new issue
Copy permalink