tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/app.te

8 lines
300 B
Text
Raw Normal View History

sepolicy: add version_policy tool and version non-platform policy. In order to support platform changes without simultaneous updates from non-platform components, the platform and non-platform policies must be split. In order to provide a guarantee that policy written for non-platform objects continues to provide the same access, all types exposed to non-platform policy are versioned by converting them and the policy using them into attributes. This change performs that split, the subsequent versioning and also generates a mapping file to glue the different policy components together. Test: Device boots and runs. Bug: 31369363 Change-Id: Ibfd3eb077bd9b8e2ff3b2e6a0ca87e44d78b1317
2016-10-12 23:58:09 +02:00
# TODO: deal with tmpfs_domain pub/priv split properly
# Read system properties managed by zygote.
allow appdomain zygote_tmpfs:file read;
Allow More Apps to Recv UDP Sockets from SystemServer This gives the privilege to system apps, platform apps, ephemeral apps, and privileged apps to receive a UDP socket from the system server. This is being added for supporting UDP Encapsulation sockets for IPsec, which must be provided by the system. This is an analogous change to a previous change that permitted these sockets for untrusted_apps: 0f75a62e2c4fb1b6ef8db6f2e5c10ff29f95322d Bug: 70389346 Test: IpSecManagerTest, System app verified with SL4A Change-Id: Iec07e97012e0eab92a95fae9818f80f183325c31
2017-12-15 03:20:30 +01:00
neverallow appdomain system_server:udp_socket {
Allow getsockopt and setsockopt for Encap Sockets Because applications should be able to set the receive timeout on UDP encapsulation sockets, we need to allow setsockopt(). getsockopt() is an obvious allowance as well. Bug: 68689438 Test: compilation Change-Id: I2eaf72bcce5695f1aee7a95ec03111eca577651c
2018-03-27 15:34:54 +02:00
accept append bind create ioctl listen lock name_bind
relabelfrom relabelto setattr shutdown };
Reference in a new issue Copy permalink