Merge "Update seapp_contexts with isIsolatedComputeApp selector" am: eb1290f511
am: cbd5aa73ff
am: 0e848232ec
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2390135 Change-Id: I742ed5d1761b9531ac41a5b84177265ef4671854 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
commit
12b3014623
2 changed files with 12 additions and 1 deletions
|
@ -11,6 +11,7 @@
|
|||
# isPrivApp (boolean)
|
||||
# minTargetSdkVersion (unsigned integer)
|
||||
# fromRunAs (boolean)
|
||||
# isIsolatedComputeApp (boolean)
|
||||
#
|
||||
# All specified input selectors in an entry must match (i.e. logical AND).
|
||||
# An unspecified string or boolean selector with no default will match any
|
||||
|
@ -40,6 +41,11 @@
|
|||
# it has a default value of 0.
|
||||
# fromRunAs=true means the process being labeled is started by run-as. Default
|
||||
# is false.
|
||||
# isIsolatedComputeApp=true means the process re-uses an isolated Uid but not
|
||||
# restricted to run in an isolated_app domain. Processes match this selector will
|
||||
# be mapped to isolated_compute_app by default. It is expected to be used together
|
||||
# with user=_isolated. This selector should not be used unless it is intended
|
||||
# to provide isolated processes with relaxed security restrictions.
|
||||
#
|
||||
# Precedence: entries are compared using the following rules, in the order shown
|
||||
# (see external/selinux/libselinux/src/android/android_platform.c,
|
||||
|
@ -57,6 +63,7 @@
|
|||
# minTargetSdkVersion= integer. Note that minTargetSdkVersion=
|
||||
# defaults to 0 if unspecified.
|
||||
# (8) fromRunAs=true before fromRunAs=false.
|
||||
# (9) isIsolatedComputeApp=true before isIsolatedComputeApp=false
|
||||
# (A fixed selector is more specific than a prefix, i.e. ending in *, and a
|
||||
# longer prefix is more specific than a shorter prefix.)
|
||||
# Apps are checked against entries in precedence order until the first match,
|
||||
|
@ -122,9 +129,12 @@ neverallow user=((?!shared_relro).)* domain=shared_relro
|
|||
|
||||
# neverallow non-isolated uids into isolated_app domain
|
||||
# and vice versa
|
||||
neverallow user=_isolated domain=((?!isolated_app).)*
|
||||
neverallow user=_isolated isIsolatedComputeApp=false domain=((?!isolated_app).)*
|
||||
neverallow user=((?!_isolated).)* domain=isolated_app
|
||||
|
||||
# neverallow isolatedComputeApp into domains other than isolated_compute_app
|
||||
neverallow user=_isolated isIsolatedComputeApp=true domain=((?!isolated_compute_app).)*
|
||||
|
||||
# uid shell should always be in shell domain, however non-shell
|
||||
# uid's can be in shell domain
|
||||
neverallow user=shell domain=((?!shell).)*
|
||||
|
|
|
@ -213,6 +213,7 @@ key_map rules[] = {
|
|||
{ .name = "isPrivApp", .dir = dir_in, .fn_validate = validate_bool },
|
||||
{ .name = "minTargetSdkVersion", .dir = dir_in, .fn_validate = validate_uint },
|
||||
{ .name = "fromRunAs", .dir = dir_in, .fn_validate = validate_bool },
|
||||
{ .name = "isIsolatedComputeApp", .dir = dir_in, .fn_validate = validate_bool },
|
||||
/*Outputs*/
|
||||
{ .name = "domain", .dir = dir_out, .fn_validate = validate_domain },
|
||||
{ .name = "type", .dir = dir_out, .fn_validate = validate_type },
|
||||
|
|
Loading…
Reference in a new issue