platform_system_sepolicy/public/shared_relro.te

# Process which creates/updates shared RELRO files to be used by other apps.
type shared_relro, domain;

# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.
Define SELinux policy for RELRO sharing support. Define a domain and appropriate access rules for shared RELRO files (used for loading the WebView native library). Any app is permitted to read the files as they are public data, but only the shared_relro process is permitted to create/update them. Bug: 13005501 Change-Id: I9d5ba9e9eedb9b8c80fe6f84a3fc85a68553d52e 2014-05-23 12:01:58 +02:00			`# Process which creates/updates shared RELRO files to be used by other apps.`
Move domain_deprecated into private policy This attribute is being actively removed from policy. Since attributes are not being versioned, partners must not be able to access and use this attribute. Move it from private and verify in the logs that rild and tee are not using these permissions. Bug: 38316109 Test: build and boot Marlin Test: Verify that rild and tee are not being granted any of these permissions. Merged-In: I31beeb5bdf3885195310b086c1af3432dc6a349b Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b (cherry picked from commit 76aab82cb3a7560d3d78f93c7f2d00ed381192c4) 2017-05-15 22:19:03 +02:00			`type shared_relro, domain;`
Add "DO NOT ADD statements" comments to public For visibility Bug: 232023812 Test: N/A Change-Id: I0bc6dc568210b81ba1f52acb18afd4bcc454ea1c 2024-03-28 02:37:28 +01:00
			`# system/sepolicy/public is for vendor-facing type and attribute definitions.`
			`# DO NOT ADD allow, neverallow, or dontaudit statements here.`
			`# Instead, add such policy rules to system/sepolicy/private/*.te.`