tequilaOS/platform_system_sepolicy

13649 commits 1 branch 0 tags 50 MiB

Author	SHA1	Message	Date
Neil Fuller	5684f61fe2	Allow the shell user to run tzdatacheck Allow the shell user to run tzdatacheck, which is required to enable a new host side test. This change also adds some additional checks to tzdatacheck.te to ensure that OEMs opening up permissions further don't accidentally create a security hole. Bug: 31008728 Test: Ran CTS Change-Id: I6ebfb467526b6b2ea08f891420eea24c81ed1e36	2017-04-20 09:31:36 +00:00
Nick Kralevich	6a259ccd9d	remove more domain_deprecated Test: no denials showing up in log collection Test: device boots Bug: 28760354 Change-Id: I089cfcf486464952fcbb52cce9f6152caf662c23	2016-12-09 19:57:43 -08:00
dcashman	cc39f63773	Split general policy into public and private components. Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c	2016-10-06 13:09:06 -07:00

Author

SHA1

Message

Date

Neil Fuller

5684f61fe2

Allow the shell user to run tzdatacheck

Allow the shell user to run tzdatacheck, which is required
to enable a new host side test.

This change also adds some additional checks to
tzdatacheck.te to ensure that OEMs opening up permissions
further don't accidentally create a security hole.

Bug: 31008728
Test: Ran CTS
Change-Id: I6ebfb467526b6b2ea08f891420eea24c81ed1e36

2017-04-20 09:31:36 +00:00

Nick Kralevich

6a259ccd9d

remove more domain_deprecated

Test: no denials showing up in log collection
Test: device boots
Bug: 28760354
Change-Id: I089cfcf486464952fcbb52cce9f6152caf662c23

2016-12-09 19:57:43 -08:00

dcashman

cc39f63773

Split general policy into public and private components.

Divide policy into public and private components.  This is the first
step in splitting the policy creation for platform and non-platform
policies.  The policy in the public directory will be exported for use
in non-platform policy creation.  Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.

Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal.  For now, almost all types and
avrules are left in public.

Test: Tested by building policy and running on device.

Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c

2016-10-06 13:09:06 -07:00

Renamed from tzdatacheck.te (Browse further)

3 commits