tequilaOS/platform_system_sepolicy

Author SHA1 Message Date

Author	SHA1	Message	Date
Inseob Kim	75806ef3c5	Minimize public policy Ideally, public should only contain APIs (types / attributes) for vendor. The other statements like allow/neverallow/typeattributes are regarded as implementation detail for platform and should be in private. Bug: 232023812 Test: m selinux_policy Test: diff <(git diff --staged \| grep "^-" \| cut -b2- \| sort) \ <(git diff --staged \| grep "^+" \| cut -b2- \| sort) Test: remove comments on plat_sepolicy.cil, replace base_typeattr_* to base_typeattr and then compare old and new plat_sepolicy.cil Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12	2024-03-28 00:33:46 +00:00
Inseob Kim	55e5c9b513	Move system property rules to private public/property split is landed to selectively export public types to vendors. So rules happening within system should be in private. This introduces private/property.te and moves all allow and neverallow rules from any coredomains to system defiend properties. Bug: 150331497 Test: system/sepolicy/tools/build_policies.sh Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe (cherry picked from commit `42c7d8966c`)	2020-03-18 16:46:04 +00:00
Badhri Jagan Sridharan	4f6eb37f6c	usbd sepolicy Sepolicy for the usb daemon. (ag/3373886/) Bug: 63669128 Test: Checked for avc denial messages. Change-Id: I6e2a4ccf597750c47e1ea90c4d43581de4afa4af	2018-01-20 03:41:21 +00:00

Inseob Kim

75806ef3c5

Minimize public policy

Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.

Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
           <(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
      to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12

2024-03-28 00:33:46 +00:00

Inseob Kim

55e5c9b513

Move system property rules to private

public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defiend properties.

Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c)

2020-03-18 16:46:04 +00:00

Badhri Jagan Sridharan

4f6eb37f6c

usbd sepolicy

Sepolicy for the usb daemon. (ag/3373886/)

Bug: 63669128
Test: Checked for avc denial messages.
Change-Id: I6e2a4ccf597750c47e1ea90c4d43581de4afa4af

2018-01-20 03:41:21 +00:00

3 commits