tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Revert^3 "Start tracking vendor seapp coredomain violations"" into main

Browse source
This commit is contained in:
Treehugger Robot 2023-09-18 05:06:32 +00:00 committed by Gerrit Code Review
commit 531e26d991
2 changed files with 1 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
public/attributes
View file

@ -300,11 +300,6 @@ expandattribute untrusted_app_visible_hwservice_violators false;
attribute untrusted_app_visible_halserver_violators;
expandattribute untrusted_app_visible_halserver_violators false;
# All system domains which are assignable with vendor's seapp_contexts files.
# TODO(b/280547417): Remove this once there are no violations
attribute vendor_seapp_assigns_coredomain_violators;
expandattribute vendor_seapp_assigns_coredomain_violators false;
# PDX services
attribute pdx_endpoint_dir_type;
attribute pdx_endpoint_socket_type;

9
tools/check_seapp.c
View file

@ -22,7 +22,6 @@
#define APP_DATA_REQUIRED_ATTRIB "app_data_file_type"
#define COREDOMAIN "coredomain"
#define VENDOR_SEAPP_ASSIGNS_COREDOMAIN_VIOLATORS "vendor_seapp_assigns_coredomain_violators"
/**
* Initializes an empty, static list.
@ -450,13 +449,7 @@ static bool validate_domain(char *value, const char *filename, int lineno, char
return false;
}
type_datum_t *attrib_violators = find_type(pol.db,
VENDOR_SEAPP_ASSIGNS_COREDOMAIN_VIOLATORS,
TYPE_ATTRIB);
bool allowlisted = attrib_violators != NULL &&
type_has_attribute(pol.db, type_dat, attrib_violators);
if (type_has_attribute(pol.db, type_dat, attrib_dat) && !allowlisted) {
if (type_has_attribute(pol.db, type_dat, attrib_dat)) {
coredomain_violation_entry *entry = (coredomain_violation_entry *)malloc(sizeof(*entry));
entry->domain = strdup(value);
entry->filename = strdup(filename);