Merge "SELinux type for vendor public libs."
am: 59e9d2d8c9
Change-Id: I69b0ef3b55645e7bc99aa25c49a0792ad8c8d2fc
commit
9d99ee2316
5 changed files with 22 additions and 2 deletions
|
@ -562,7 +562,9 @@
|
|||
(typeattributeset runas_exec_26_0 (runas_exec))
|
||||
(typeattributeset runtime_event_log_tags_file_26_0 (runtime_event_log_tags_file))
|
||||
(typeattributeset safemode_prop_26_0 (safemode_prop))
|
||||
(typeattributeset same_process_hal_file_26_0 (same_process_hal_file))
|
||||
(typeattributeset same_process_hal_file_26_0
|
||||
( same_process_hal_file
|
||||
vendor_public_lib_file))
|
||||
(typeattributeset samplingprofiler_service_26_0 (samplingprofiler_service))
|
||||
(typeattributeset scheduling_policy_service_26_0 (scheduling_policy_service))
|
||||
(typeattributeset sdcardd_26_0 (sdcardd))
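Review bot: Nothing in the mapping says why `vendor_public_lib_file` is folded into `same_process_hal_file_26_0`, even though this extends every rule that 26.0 vendor policy wrote against `same_process_hal_file` to the new type. If the reason is that these libraries carried the `same_process_hal_file` label on that release, a short CIL comment above the entry would record it, for example `; vendor public libs were labeled same_process_hal_file in 26.0; keep old vendor rules working`. The same applies to the `same_process_hal_file_27_0` entry in the next hunk.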
|
||||
|
|
|
@ -1278,7 +1278,9 @@
|
|||
(typeattributeset runas_exec_27_0 (runas_exec))
|
||||
(typeattributeset runtime_event_log_tags_file_27_0 (runtime_event_log_tags_file))
|
||||
(typeattributeset safemode_prop_27_0 (safemode_prop))
|
||||
(typeattributeset same_process_hal_file_27_0 (same_process_hal_file))
|
||||
(typeattributeset same_process_hal_file_27_0
|
||||
( same_process_hal_file
|
||||
vendor_public_lib_file))
|
||||
(typeattributeset samplingprofiler_service_27_0 (samplingprofiler_service))
|
||||
(typeattributeset scheduling_policy_service_27_0 (scheduling_policy_service))
|
||||
(typeattributeset sdcardd_27_0 (sdcardd))
|
||||
|
|
|
@ -116,6 +116,10 @@ r_dir_file(appdomain, vendor_overlay_file)
|
|||
# for vendor provided libraries.
|
||||
r_dir_file(appdomain, vendor_framework_file)
|
||||
|
||||
# Allow apps read / execute access to vendor public libraries.
|
||||
allow appdomain vendor_public_lib_file:dir r_dir_perms;
|
||||
allow appdomain vendor_public_lib_file:file { execute read open getattr map };
|
||||
|
||||
# Execute dex2oat when apps call dexclassloader
|
||||
allow appdomain dex2oat_exec:file rx_file_perms;
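Review bot: The comment `# Allow apps read / execute access to vendor public libraries.` does not say that `execute_no_trans` is left out of `{ execute read open getattr map }` on purpose. As written, apps can map these libraries as code but cannot run them as programs, which differs from the `rx_file_perms` grant on the `dex2oat_exec` line just below. Without a note, a later cleanup could swap the explicit set for `rx_file_perms` and silently add `execute_no_trans`. I would reword the comment to something like `# Allow apps to read and map vendor public libraries as code; execute_no_trans is deliberately not granted.`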
|
||||
|
||||
|
|
|
@ -1024,6 +1024,7 @@ full_treble_only(`
|
|||
-same_process_hal_file
|
||||
-vndk_sp_file
|
||||
-vendor_app_file
|
||||
-vendor_public_lib_file
|
||||
}:file execute;
|
||||
')
|
||||
|
||||
|
@ -1402,3 +1403,11 @@ neverallow {
|
|||
coredomain
|
||||
-init
|
||||
} mnt_vendor_file:dir *;
|
||||
|
||||
# Only apps are allowed access to vendor public libraries.
|
||||
full_treble_only(`
|
||||
neverallow {
|
||||
coredomain
|
||||
-appdomain
|
||||
} vendor_public_lib_file:file { execute execute_no_trans };
|
||||
')
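Review bot: The comment `# Only apps are allowed access to vendor public libraries.` promises more than the neverallow enforces. The rule covers only `execute` and `execute_no_trans` on files, and only for `coredomain`, so read and open by core domains and any access by non-core domains are not restricted by it. Either reword the comment, for example `# Among core domains, only apps may execute vendor public libraries.`, or widen the permission set if read access is meant to be denied as well. The `-vendor_public_lib_file` exception added in the earlier hunk sits in a neverallow whose source set starts outside that hunk, so this rule appears to be the only thing keeping that exception from reaching non-app core domains, which is worth stating next to it.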
|
||||
|
|
|
@ -149,6 +149,9 @@ type vndk_sp_file, vendor_file_type, file_type;
|
|||
type vendor_framework_file, vendor_file_type, file_type;
|
||||
# Default type for everything in /vendor/overlay
|
||||
type vendor_overlay_file, vendor_file_type, file_type;
|
||||
# Type for all vendor public libraries. These libs should only be exposed to
|
||||
# apps. ABI stability of these libs is vendor's responsibility.
|
||||
type vendor_public_lib_file, vendor_file_type, file_type;
|
||||
|
||||
# /metadata partition itself
|
||||
type metadata_file, file_type;
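Review bot: The comment on `vendor_public_lib_file` does not say how files get this label, and none of the sections visible here assigns the type to any path. Presumably the label comes from a device's own file_contexts, and libraries left with their previous label would not be covered by the new app rules. I would add a line such as `# Vendors must label these libs in their own file_contexts.` so the requirement is visible where the type is declared.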
|
||||
|
|