Merge "Temporarily revert the SELinux policy for persist.netd.stable_secret."
commit
c501c34523
3 changed files with 0 additions and 11 deletions
|
@ -50,7 +50,6 @@ persist.logd.logpersistd u:object_r:logpersistd_logging_prop:s0
|
||||||
logd.logpersistd u:object_r:logpersistd_logging_prop:s0
|
logd.logpersistd u:object_r:logpersistd_logging_prop:s0
|
||||||
persist.log.tag u:object_r:log_tag_prop:s0
|
persist.log.tag u:object_r:log_tag_prop:s0
|
||||||
persist.mmc. u:object_r:mmc_prop:s0
|
persist.mmc. u:object_r:mmc_prop:s0
|
||||||
persist.netd.stable_secret u:object_r:netd_stable_secret_prop:s0
|
|
||||||
persist.sys. u:object_r:system_prop:s0
|
persist.sys. u:object_r:system_prop:s0
|
||||||
persist.sys.safemode u:object_r:safemode_prop:s0
|
persist.sys.safemode u:object_r:safemode_prop:s0
|
||||||
ro.sys.safemode u:object_r:safemode_prop:s0
|
ro.sys.safemode u:object_r:safemode_prop:s0
|
||||||
|
|
|
@ -58,7 +58,6 @@ allow netd dnsmasq:process signal;
|
||||||
allow netd clatd:process signal;
|
allow netd clatd:process signal;
|
||||||
|
|
||||||
set_prop(netd, ctl_mdnsd_prop)
|
set_prop(netd, ctl_mdnsd_prop)
|
||||||
set_prop(netd, netd_stable_secret_prop)
|
|
||||||
|
|
||||||
# Allow netd to publish a binder service and make binder calls.
|
# Allow netd to publish a binder service and make binder calls.
|
||||||
binder_use(netd)
|
binder_use(netd)
|
||||||
|
@ -105,11 +104,3 @@ neverallow netd { app_data_file system_data_file }:dir_file_class_set write;
|
||||||
neverallow { domain -system_server -dumpstate -netd } netd_service:service_manager find;
|
neverallow { domain -system_server -dumpstate -netd } netd_service:service_manager find;
|
||||||
neverallow { domain -system_server -dumpstate } netd:binder call;
|
neverallow { domain -system_server -dumpstate } netd:binder call;
|
||||||
neverallow netd { domain -system_server -servicemanager userdebug_or_eng(`-su') }:binder call;
|
neverallow netd { domain -system_server -servicemanager userdebug_or_eng(`-su') }:binder call;
|
||||||
|
|
||||||
# persist.netd.stable_secret contains RFC 7217 secret key which should never be
|
|
||||||
# leaked to other processes. Make sure it never leaks.
|
|
||||||
neverallow { domain -netd -init } netd_stable_secret_prop:file r_file_perms;
|
|
||||||
|
|
||||||
# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
|
|
||||||
# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
|
|
||||||
neverallow { domain -netd -init } netd_stable_secret_prop:property_service set;
|
|
||||||
|
|
|
@ -30,7 +30,6 @@ type log_tag_prop, property_type, log_property_type;
|
||||||
type mmc_prop, property_type;
|
type mmc_prop, property_type;
|
||||||
type net_dns_prop, property_type;
|
type net_dns_prop, property_type;
|
||||||
type net_radio_prop, property_type, core_property_type;
|
type net_radio_prop, property_type, core_property_type;
|
||||||
type netd_stable_secret_prop, property_type;
|
|
||||||
type nfc_prop, property_type, core_property_type;
|
type nfc_prop, property_type, core_property_type;
|
||||||
type overlay_prop, property_type;
|
type overlay_prop, property_type;
|
||||||
type pan_result_prop, property_type, core_property_type;
|
type pan_result_prop, property_type, core_property_type;
|
||||||
|
|