Split general policy into public and private components.
Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
This commit is contained in:
parent
f1eabc5683
commit
cc39f63773
187 changed files with 330 additions and 184 deletions
96
Android.mk
96
Android.mk
|
@ -26,13 +26,49 @@ ifdef BOARD_SEPOLICY_M4DEFS
|
|||
LOCAL_ADDITIONAL_M4DEFS := $(addprefix -D, $(BOARD_SEPOLICY_M4DEFS))
|
||||
endif
|
||||
|
||||
# Builds paths for all policy files found in BOARD_SEPOLICY_DIRS and the LOCAL_PATH.
|
||||
# $(1): the set of policy name paths to build
|
||||
build_policy = $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(LOCAL_PATH) $(BOARD_SEPOLICY_DIRS)), $(sort $(wildcard $(file)))))
|
||||
# sepolicy is now divided into multiple portions:
|
||||
# public - policy exported on which non-platform policy developers may write
|
||||
# additional policy. types and attributes are versioned and included in
|
||||
# delivered non-platform policy, which is to be combined with platform policy.
|
||||
# private - platform-only policy required for platform functionality but which
|
||||
# is not exported to vendor policy developers and as such may not be assumed
|
||||
# to exist.
|
||||
# mapping - TODO. This contains policy statements which map the attributes
|
||||
# exposed in the public policy of previous versions to the concrete types used
|
||||
# in this policy to ensure that policy targeting attributes from public
|
||||
# policy from an older platform version continues to work.
|
||||
|
||||
# TODO - build process for device:
|
||||
# 1) convert policies to CIL:
|
||||
# - private + public platform policy to CIL
|
||||
# - mapping file to CIL (should already be in CIL form)
|
||||
# - non-platform public policy to CIL
|
||||
# - non-platform public + private policy to CIL
|
||||
# 2) attributize policy
|
||||
# - TODO: do this for platform policy?
|
||||
# - run script which takes non-platform public and non-platform combined
|
||||
# private + public policy and produces attributized and versioned
|
||||
# non-platform policy
|
||||
# 3) combine policy files
|
||||
# - combine mapping, platform and non-platform policy.
|
||||
# - compile output binary policy file
|
||||
|
||||
PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/public
|
||||
PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private
|
||||
|
||||
###########################################################
|
||||
# Compute policy files to be used in policy build.
|
||||
# $(1): files to include
|
||||
# $(2): directories in which to find files
|
||||
###########################################################
|
||||
|
||||
define build_policy
|
||||
$(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(2)), $(sort $(wildcard $(file)))))
|
||||
endef
|
||||
|
||||
# Builds paths for all policy files found in BOARD_SEPOLICY_DIRS.
|
||||
# $(1): the set of policy name paths to build
|
||||
build_device_policy = $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(BOARD_SEPOLICY_DIRS)), $(sort $(wildcard $(file)))))
|
||||
build_device_policy = $(call build_policy, $(1), $(BOARD_SEPOLICY_DIRS))
|
||||
|
||||
# Add a file containing only a newline in-between each policy configuration
|
||||
# 'contexts' file. This will allow OEM policy configuration files without a
|
||||
|
@ -92,11 +128,28 @@ endif
|
|||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
platform_policy.conf := $(intermediates)/plat_policy.conf
|
||||
$(platform_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||
$(platform_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||
$(platform_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(platform_policy.conf): $(call build_policy, $(sepolicy_build_files), \
|
||||
$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
|
||||
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
|
||||
-D target_build_variant=$(TARGET_BUILD_VARIANT) \
|
||||
-s $^ > $@
|
||||
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
|
||||
|
||||
# TODO: add steps for non-platform public and combined files with checkpolicy
|
||||
# support. b/31932523
|
||||
|
||||
sepolicy_policy.conf := $(intermediates)/policy.conf
|
||||
$(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||
$(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||
$(sepolicy_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files))
|
||||
$(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files), \
|
||||
$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
|
||||
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
|
||||
|
@ -135,7 +188,8 @@ sepolicy_policy_recovery.conf := $(intermediates)/policy_recovery.conf
|
|||
$(sepolicy_policy_recovery.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||
$(sepolicy_policy_recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||
$(sepolicy_policy_recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(sepolicy_policy_recovery.conf): $(call build_policy, $(sepolicy_build_files))
|
||||
$(sepolicy_policy_recovery.conf): $(call build_policy, $(sepolicy_build_files), \
|
||||
$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
|
||||
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
|
||||
|
@ -168,12 +222,10 @@ LOCAL_MODULE_TAGS := tests
|
|||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
exp_sepolicy_build_files :=\
|
||||
$(foreach file, $(addprefix $(LOCAL_PATH)/, $(sepolicy_build_files)), $(sort $(wildcard $(file))))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_SENS := $(MLS_SENS)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_CATS := $(MLS_CATS)
|
||||
$(LOCAL_BUILT_MODULE): $(exp_sepolicy_build_files)
|
||||
$(LOCAL_BUILT_MODULE): $(call build_policy, $(sepolicy_build_files), \
|
||||
$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
|
||||
mkdir -p $(dir $@)
|
||||
$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
|
||||
-D target_build_variant=user \
|
||||
|
@ -223,9 +275,9 @@ include $(BUILD_SYSTEM)/base_rules.mk
|
|||
# Note: That a newline file is placed between each file_context file found to
|
||||
# ensure a proper build when an fc file is missing an ending newline.
|
||||
|
||||
local_fc_files := $(LOCAL_PATH)/file_contexts
|
||||
local_fc_files := $(PLAT_PRIVATE_POLICY)/file_contexts
|
||||
ifneq ($(filter address,$(SANITIZE_TARGET)),)
|
||||
local_fc_files := $(local_fc_files) $(LOCAL_PATH)/file_contexts_asan
|
||||
local_fc_files := $(local_fc_files) $(PLAT_PRIVATE_POLICY)/file_contexts_asan
|
||||
endif
|
||||
local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
|
||||
|
||||
|
@ -281,7 +333,7 @@ LOCAL_MODULE_TAGS := tests
|
|||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
general_file_contexts.tmp := $(intermediates)/general_file_contexts.tmp
|
||||
$(general_file_contexts.tmp): $(addprefix $(LOCAL_PATH)/, file_contexts)
|
||||
$(general_file_contexts.tmp): $(addprefix $(PLAT_PRIVATE_POLICY)/, file_contexts)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 -s $< > $@
|
||||
|
||||
|
@ -302,7 +354,7 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
|
|||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
all_sc_files := $(call build_policy, seapp_contexts)
|
||||
all_sc_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(all_sc_files)
|
||||
|
@ -321,7 +373,7 @@ LOCAL_MODULE_TAGS := tests
|
|||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
all_sc_files := $(addprefix $(LOCAL_PATH)/, seapp_contexts)
|
||||
all_sc_files := $(addprefix $(PLAT_PRIVATE_POLICY)/, seapp_contexts)
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_general_sepolicy)
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILE := $(all_sc_files)
|
||||
|
@ -339,7 +391,7 @@ LOCAL_MODULE_TAGS := tests
|
|||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
$(LOCAL_BUILT_MODULE): $(addprefix $(LOCAL_PATH)/, seapp_contexts)
|
||||
$(LOCAL_BUILT_MODULE): $(addprefix $(PLAT_PRIVATE_POLICY)/, seapp_contexts)
|
||||
@mkdir -p $(dir $@)
|
||||
- $(hide) grep -ie '^neverallow' $< > $@
|
||||
|
||||
|
@ -354,7 +406,7 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
|
|||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
all_pc_files := $(call build_policy, property_contexts)
|
||||
all_pc_files := $(call build_policy, property_contexts, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
|
||||
all_pcfiles_with_nl := $(call add_nl, $(all_pc_files), $(built_nl))
|
||||
|
||||
property_contexts.tmp := $(intermediates)/property_contexts.tmp
|
||||
|
@ -386,7 +438,7 @@ LOCAL_MODULE_TAGS := tests
|
|||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
general_property_contexts.tmp := $(intermediates)/general_property_contexts.tmp
|
||||
$(general_property_contexts.tmp): $(addprefix $(LOCAL_PATH)/, property_contexts)
|
||||
$(general_property_contexts.tmp): $(addprefix $(PLAT_PRIVATE_POLICY)/, property_contexts)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 -s $< > $@
|
||||
|
||||
|
@ -408,7 +460,7 @@ LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
|
|||
|
||||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
all_svc_files := $(call build_policy, service_contexts)
|
||||
all_svc_files := $(call build_policy, service_contexts, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
|
||||
all_svcfiles_with_nl := $(call add_nl, $(all_svc_files), $(built_nl))
|
||||
|
||||
service_contexts.tmp := $(intermediates)/service_contexts.tmp
|
||||
|
@ -439,7 +491,7 @@ LOCAL_MODULE_TAGS := tests
|
|||
include $(BUILD_SYSTEM)/base_rules.mk
|
||||
|
||||
general_service_contexts.tmp := $(intermediates)/general_service_contexts.tmp
|
||||
$(general_service_contexts.tmp): $(addprefix $(LOCAL_PATH)/, service_contexts)
|
||||
$(general_service_contexts.tmp): $(addprefix $(PLAT_PRIVATE_POLICY)/, service_contexts)
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 -s $< > $@
|
||||
|
||||
|
@ -464,11 +516,11 @@ include $(BUILD_SYSTEM)/base_rules.mk
|
|||
# Build keys.conf
|
||||
mac_perms_keys.tmp := $(intermediates)/keys.tmp
|
||||
$(mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(mac_perms_keys.tmp): $(call build_policy, keys.conf)
|
||||
$(mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
|
||||
|
||||
all_mac_perms_files := $(call build_policy, $(LOCAL_MODULE))
|
||||
all_mac_perms_files := $(call build_policy, $(LOCAL_MODULE), $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
|
||||
|
||||
# Should be synced with keys.conf.
|
||||
all_keys := platform media shared testkey
|
||||
|
|
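Review bot: The contexts and keys targets now enumerate only `$(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS)` (the all_sc_files, all_pc_files, all_svc_files, mac_perms_keys.tmp and all_mac_perms_files lines), while the policy.conf recipes also read `$(PLAT_PUBLIC_POLICY)`; a file_contexts, seapp_contexts or keys.conf that lands under public/ is therefore silently omitted from the built policy instead of failing the build, and since those files drive file and app labeling a silent drop is the wrong failure mode. A parse-time guard next to the PLAT_PUBLIC_POLICY assignment would make this loud: `ifneq ($(wildcard $(addprefix $(PLAT_PUBLIC_POLICY)/,file_contexts seapp_contexts property_contexts service_contexts keys.conf)),)` / `$(error $(PLAT_PUBLIC_POLICY) may contain only policy sources; contexts and keys files belong in $(PLAT_PRIVATE_POLICY))` / `endif`. The new `define build_policy` also deserves a one-line comment that `$(2)` is an ordered directory list and that, for each entry of `$(1)`, matches are concatenated in that directory order, because the `m4 -s $^` recipes depend on public preceding private preceding BOARD_SEPOLICY_DIRS. sepolicy_build_files and the tail of each policy.conf recipe are outside the shown hunks.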
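--- /dev/null
+++ b/private/adbd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+domain_auto_trans(adbd, shell_exec, shell)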
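Review bot: The two-line header comment is a run-on sentence that reads as if type_transition and domain_trans rules are both required to be private, and the same text is pasted into almost every new private/*.te in this commit, so it is worth fixing once and propagating. Suggest `# type_transition rules must live in private policy; the domain_trans rules could stay` / `# public, but conceptually belong with the transition they complete.` The domain_auto_trans line itself appears to be the one removed from the adbd hunk near the end of the page, whose file header is not shown.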
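--- /dev/null
+++ b/private/android_hardware_nfc_1_0_service.te
@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(android_hardware_nfc_1_0_service)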
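--- /dev/null
+++ b/private/audioserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(audioserver)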
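--- /dev/null
+++ b/private/autoplay_app.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Define and allow access to our own type for ashmem regions.
+# Label ashmem objects with our own unique type.
+tmpfs_domain(autoplay_app)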
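--- /dev/null
+++ b/private/bluetooth.te
@@ -0,0 +1,4 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Socket creation under /data/misc/bluedroid.
+type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;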
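--- /dev/null
+++ b/private/bootanim.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(bootanim)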
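--- /dev/null
+++ b/private/bootstat.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(bootstat)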
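--- /dev/null
+++ b/private/cameraserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(cameraserver)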
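--- /dev/null
+++ b/private/cppreopts.te
@@ -0,0 +1,6 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Technically not a daemon but we do want the transition from init domain to
+# cppreopts to occur.
+init_daemon_domain(cppreopts)
+domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename);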
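--- /dev/null
+++ b/private/debuggerd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(debuggerd)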
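--- /dev/null
+++ b/private/dhcp.te
@@ -0,0 +1,4 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(dhcp)
+type_transition dhcp system_data_file:{ dir file } dhcp_data_file;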
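--- /dev/null
+++ b/private/drmserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(drmserver)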
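--- /dev/null
+++ b/private/dumpstate.te
@@ -0,0 +1,6 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(dumpstate)
+
+# Execute and transition to the vdc domain
+domain_auto_trans(dumpstate, vdc_exec, vdc)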
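--- /dev/null
+++ b/private/fingerprintd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(fingerprintd)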
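--- /dev/null
+++ b/private/fsck.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(fsck)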
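--- /dev/null
+++ b/private/gatekeeperd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(gatekeeperd)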
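--- /dev/null
+++ b/private/hci_attach.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(hci_attach)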
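--- /dev/null
+++ b/private/hostapd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(hostapd)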
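--- /dev/null
+++ b/private/hwservicemanager.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(hwservicemanager)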
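--- /dev/null
+++ b/private/init.te
@@ -0,0 +1,18 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+tmpfs_domain(init)
+
+# Transitions to seclabel processes in init.rc
+domain_trans(init, rootfs, adbd)
+domain_trans(init, rootfs, healthd)
+domain_trans(init, rootfs, slideshow)
+recovery_only(`
+domain_trans(init, rootfs, recovery)
+')
+domain_trans(init, shell_exec, shell)
+domain_trans(init, init_exec, ueventd)
+domain_trans(init, init_exec, watchdogd)
+# case where logpersistd is actually logcat -f in logd context (nee: logcatd)
+userdebug_or_eng(`
+domain_auto_trans(init, logcat_exec, logd)
+')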
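--- /dev/null
+++ b/private/inputflinger.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(inputflinger)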
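--- /dev/null
+++ b/private/install_recovery.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(install_recovery)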
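--- /dev/null
+++ b/private/installd.te
@@ -0,0 +1,12 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(installd)
+
+# Run dex2oat in its own sandbox.
+domain_auto_trans(installd, dex2oat_exec, dex2oat)
+
+# Run profman in its own sandbox.
+domain_auto_trans(installd, profman_exec, profman)
+
+# Run idmap in its own sandbox.
+domain_auto_trans(installd, idmap_exec, idmap)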
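--- /dev/null
+++ b/private/kernel.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+domain_auto_trans(kernel, init_exec, init)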
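--- /dev/null
+++ b/private/keystore.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(keystore)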
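--- /dev/null
+++ b/private/lmkd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(lmkd)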
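--- /dev/null
+++ b/private/logd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(logd)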
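--- /dev/null
+++ b/private/mdnsd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mdnsd)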
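--- /dev/null
+++ b/private/mediacodec.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediacodec)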
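--- /dev/null
+++ b/private/mediadrmserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediadrmserver)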
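--- /dev/null
+++ b/private/mediaextractor.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediaextractor)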
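--- /dev/null
+++ b/private/mediaserver.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediaserver)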
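--- /dev/null
+++ b/private/mtp.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mtp)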
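--- /dev/null
+++ b/private/netd.te
@@ -0,0 +1,9 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(netd)
+
+# Allow netd to spawn dnsmasq in it's own domain
+domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
+
+# Allow netd to start clatd in its own domain
+domain_auto_trans(netd, clatd_exec, clatd)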
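--- /dev/null
+++ b/private/otapreopt_chroot.te
@@ -0,0 +1,4 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Allow to transition to postinstall_ota, to run otapreopt in its own sandbox.
+domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)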
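Review bot: The comment names postinstall_ota as the target domain, but the rule directly below it transitions otapreopt_chroot into postinstall_dexopt, so the comment misdocuments which domain is granted; it should name the domain the rule actually uses, e.g. `# Allow transition to postinstall_dexopt, to run otapreopt in its own sandbox.` Note also that the entry type here is postinstall_file rather than an *_exec type, which is unusual enough among the other private/*.te files in this commit to deserve a word of explanation next to the rule.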
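--- /dev/null
+++ b/private/otapreopt_slot.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Technically not a daemon but we do want the transition from init domain to
+# cppreopts to occur.
+init_daemon_domain(otapreopt_slot)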
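Review bot: The comment says the transition is from init to cppreopts, which is the text of private/cppreopts.te, but the rule in this file is `init_daemon_domain(otapreopt_slot)`, so the documented domain is wrong. Suggest `# Technically not a daemon but we do want the transition from init domain to` / `# otapreopt_slot to occur.` so the comment matches the rule it explains.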
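--- /dev/null
+++ b/private/postinstall.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+domain_auto_trans(postinstall, otapreopt_chroot_exec, otapreopt_chroot)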
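--- /dev/null
+++ b/private/postinstall_dexopt.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Run dex2oat/patchoat in its own sandbox.
+# We have to manually transition, as we don't have an entrypoint.
+domain_auto_trans(postinstall_dexopt, postinstall_file, dex2oat)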
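--- /dev/null
+++ b/private/ppp.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+domain_auto_trans(mtp, ppp_exec, ppp)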
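Review bot: The only rule here, `domain_auto_trans(mtp, ppp_exec, ppp)`, has mtp as the source domain, so someone auditing what mtp may execute will look in private/mtp.te (which in this commit holds only init_daemon_domain) and not find it. A one-line comment would prevent that, e.g. `# mtp is the domain that executes ppp_exec; the rule lives here beside the target domain it enters.` If the intent is to keep each domain's exec transitions in the source domain's file, moving the line to private/mtp.te is the alternative.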
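--- /dev/null
+++ b/private/racoon.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(racoon)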
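--- /dev/null
+++ b/private/recovery_persist.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(recovery_persist)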
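--- /dev/null
+++ b/private/recovery_refresh.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(recovery_refresh)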
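--- /dev/null
+++ b/private/rild.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(rild)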
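--- /dev/null
+++ b/private/runas.te
@@ -0,0 +1,4 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# ndk-gdb invokes adb shell run-as.
+domain_auto_trans(shell, runas_exec, runas)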
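--- /dev/null
+++ b/private/sdcardd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;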
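--- /dev/null
+++ b/private/servicemanager.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(servicemanager)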
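--- /dev/null
+++ b/private/surfaceflinger.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(surfaceflinger)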
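--- /dev/null
+++ b/private/system_server.te
@@ -0,0 +1,6 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Define a type for tmpfs-backed ashmem regions.
+tmpfs_domain(system_server)
+# Create a socket for connections from debuggerd.
+type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";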
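--- /dev/null
+++ b/private/tee.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(tee)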
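--- /dev/null
+++ b/private/toolbox.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(toolbox)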
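--- /dev/null
+++ b/private/tzdatacheck.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(tzdatacheck)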
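--- /dev/null
+++ b/private/ueventd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+tmpfs_domain(ueventd)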
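--- /dev/null
+++ b/private/uncrypt.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(uncrypt)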
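--- /dev/null
+++ b/private/update_engine.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(update_engine);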
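--- /dev/null
+++ b/private/update_engine_common.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# The postinstall program is run by update_engine_common and will always be tagged as a
+# postinstall_file regardless of its attributes in the new system.
+domain_auto_trans(update_engine_common, postinstall_file, postinstall)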
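--- /dev/null
+++ b/private/update_verifier.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(update_verifier)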
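--- /dev/null
+++ b/private/vdc.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(vdc)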
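--- /dev/null
+++ b/private/vold.te
@@ -0,0 +1,19 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(vold)
+
+# Switch to more restrictive domains when executing common tools
+domain_auto_trans(vold, sgdisk_exec, sgdisk);
+domain_auto_trans(vold, sdcardd_exec, sdcardd);
+
+# For a handful of probing tools, we choose an even more restrictive
+# domain when working with untrusted block devices
+domain_trans(vold, shell_exec, blkid);
+domain_trans(vold, shell_exec, blkid_untrusted);
+domain_trans(vold, fsck_exec, fsck);
+domain_trans(vold, fsck_exec, fsck_untrusted);
+
+# Newly created storage dirs are always treated as mount stubs to prevent us
+# from accidentally writing when the mount point isn't present.
+type_transition vold storage_file:dir storage_stub_file;
+type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;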
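Review bot: The four blkid/fsck lines use domain_trans rather than the domain_auto_trans used two lines above for sgdisk and sdcardd, and the comment explains the trusted/untrusted split but not why the transition is not automatic; since each exec type (shell_exec, fsck_exec) maps to two target domains, no single automatic transition is possible and vold presumably has to select the domain itself before exec (setexeccon or equivalent) — worth confirming and stating, because a reader could otherwise conclude the untrusted domain is entered automatically. Suggest adding above those lines `# No automatic transition here: each exec type has two possible target domains, so vold must explicitly request the trusted or untrusted one before exec.` The file only carries the transition rules; the permissions the comment alludes to are defined outside this hunk.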
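--- /dev/null
+++ b/private/wifi_hal_legacy.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(wifi_hal_legacy)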
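--- /dev/null
+++ b/private/wificond.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(wificond)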
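--- /dev/null
+++ b/private/wpa.te
@@ -0,0 +1,6 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(wpa)
+
+# Create a socket for receiving info from wpa
+type_transition wpa wifi_data_file:dir wpa_socket "sockets";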
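--- /dev/null
+++ b/private/zygote.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(zygote)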
|
@ -7,8 +7,6 @@ userdebug_or_eng(`
|
|||
allow adbd su:process dyntransition;
|
||||
')
|
||||
|
||||
domain_auto_trans(adbd, shell_exec, shell)
|
||||
|
||||
# Do not sanitize the environment or open fds of the shell. Allow signaling
|
||||
# created processes.
|
||||
allow adbd shell:process { noatsecure signal };
|
|
@ -2,9 +2,6 @@
|
|||
type android_hardware_nfc_1_0_service, domain;
|
||||
type android_hardware_nfc_1_0_service_exec, exec_type, file_type;
|
||||
|
||||
# may be started by init
|
||||
init_daemon_domain(android_hardware_nfc_1_0_service)
|
||||
|
||||
# hwbinder access
|
||||
hwbinder_use(android_hardware_nfc_1_0_service)
|
||||
|
|
@ -2,8 +2,6 @@
|
|||
type audioserver, domain;
|
||||
type audioserver_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(audioserver)
|
||||
|
||||
r_dir_file(audioserver, sdcard_type)
|
||||
|
||||
binder_use(audioserver)
|
|
@ -16,9 +16,6 @@ type autoplay_app, domain;
|
|||
allow autoplay_app self:process execmem;
|
||||
allow autoplay_app ashmem_device:chr_file execute;
|
||||
|
||||
# Define and allow access to our own type for ashmem regions.
|
||||
# Label ashmem objects with our own unique type.
|
||||
tmpfs_domain(autoplay_app)
|
||||
# Map with PROT_EXEC.
|
||||
allow autoplay_app autoplay_app_tmpfs:file execute;
|
||||
|
|
@ -14,7 +14,6 @@ allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;
|
|||
allow bluetooth bluetooth_logs_data_file:file create_file_perms;
|
||||
|
||||
# Socket creation under /data/misc/bluedroid.
|
||||
type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
|
||||
allow bluetooth bluetooth_socket:sock_file create_file_perms;
|
||||
|
||||
# bluetooth factory file accesses.
|
|
@ -2,8 +2,6 @@
|
|||
type bootanim, domain;
|
||||
type bootanim_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(bootanim)
|
||||
|
||||
binder_use(bootanim)
|
||||
binder_call(bootanim, surfaceflinger)
|
||||
binder_call(bootanim, audioserver)
|
|
@ -2,8 +2,6 @@
|
|||
type bootstat, domain;
|
||||
type bootstat_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(bootstat)
|
||||
|
||||
# Allow persistent storage in /data/misc/bootstat.
|
||||
allow bootstat bootstat_data_file:dir rw_dir_perms;
|
||||
allow bootstat bootstat_data_file:file create_file_perms;
|
|
@ -2,8 +2,6 @@
|
|||
type cameraserver, domain;
|
||||
type cameraserver_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(cameraserver)
|
||||
|
||||
binder_use(cameraserver)
|
||||
binder_call(cameraserver, binderservicedomain)
|
||||
binder_call(cameraserver, appdomain)
|