seinfo for platform based domains should be stated explicitly.

The current policy would allow any application that were to "magically" get a sensitive UID into the coresponding sensitive domain. Rather then only using UID as an input selector, require seinfo=platform. Change-Id: I8a7490ed55bdcd3e4a116aece2c3522b384024ec
2014-09-29 10:29:48 -07:00 · 2014-09-29 10:29:48 -07:00 · 92dfa31f78
commit 92dfa31f78
parent 8a0c25efb0
1 changed files with 6 additions and 6 deletions
--- a/12
+++ b/12
@ -41,12 +41,12 @@
 # level may be used to specify a fixed level for any UID.
 #
 isSystemServer=true domain=system_server
-user=system domain=system_app type=system_app_data_file
-user=bluetooth domain=bluetooth type=bluetooth_data_file
-user=nfc domain=nfc type=nfc_data_file
-user=radio domain=radio type=radio_data_file
-user=shared_relro domain=shared_relro
-user=shell domain=shell type=shell_data_file
+user=system seinfo=platform domain=system_app type=system_app_data_file
+user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
+user=nfc seinfo=platform domain=nfc type=nfc_data_file
+user=radio seinfo=platform domain=radio type=radio_data_file
+user=shared_relro seinfo=platform domain=shared_relro
+user=shell seinfo=platform domain=shell type=shell_data_file
 user=_isolated domain=isolated_app levelFrom=user
 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
 user=_app domain=untrusted_app type=app_data_file levelFrom=user