tequilaOS/platform_system_sepolicy

32838 commits 1 branch 0 tags 50 MiB

Author	SHA1	Message	Date
Janis Danisevskis	144c822018	Move list permission from keystore2_key to keystore class. The list permission protects the ability to list arbitrary namespaces. This is not a namespace specific permission but a Keystore specific permission. Listing the entries of a given namsepace is covered by the get_info permission already. Ignore-AOSP-First: This needs to land in googleplex first to updated prebuilt vendor images. Otherwise it breaks aosp-with-phone builds. Test: N/A Change-Id: If6e79fd863a79acf8d8ab10c6362a4eeaa88a5b8	2020-10-01 05:33:31 +00:00
Janis Danisevskis	abb93f24c0	Make Keystore equivalent policy for Keystore2 Bug: 158500146 Bug: 159466840 Test: keystore2_test tests part of this policy Change-Id: Id3dcb2ba4423d93170b9ba7ecf8aed0580ce83bc Merged-In: Id3dcb2ba4423d93170b9ba7ecf8aed0580ce83bc	2020-08-05 16:11:48 +00:00
Alex Klyubin	84aebd3c9b	Move binderservicedomain policy to private This leaves only the existence of binderservicedomain attribute as public API. All other rules are implementation details of this attribute's policy and are thus now private. Test: No change to policy according to sesearch, except for disappearance of all allow rules to do with *_current targets referenced in binderservicedomain.te. Bug: 31364497 Change-Id: Ic830bcc5ffb6d624e0b3aec831071061cccc513c	2017-02-08 09:09:39 -08:00

Author

SHA1

Message

Date

Janis Danisevskis

144c822018

Move list permission from keystore2_key to keystore class.

The list permission protects the ability to list arbitrary namespaces.
This is not a namespace specific permission but a Keystore specific
permission. Listing the entries of a given namsepace is covered by the
get_info permission already.

Ignore-AOSP-First: This needs to land in googleplex first to updated
                   prebuilt vendor images. Otherwise it breaks
                   aosp-with-phone builds.
Test: N/A
Change-Id: If6e79fd863a79acf8d8ab10c6362a4eeaa88a5b8

2020-10-01 05:33:31 +00:00

Janis Danisevskis

abb93f24c0

Make Keystore equivalent policy for Keystore2

Bug: 158500146
Bug: 159466840
Test: keystore2_test tests part of this policy
Change-Id: Id3dcb2ba4423d93170b9ba7ecf8aed0580ce83bc
Merged-In: Id3dcb2ba4423d93170b9ba7ecf8aed0580ce83bc

2020-08-05 16:11:48 +00:00

Alex Klyubin

84aebd3c9b

Move binderservicedomain policy to private

This leaves only the existence of binderservicedomain attribute as
public API. All other rules are implementation details of this
attribute's policy and are thus now private.

Test: No change to policy according to sesearch, except for
      disappearance of all allow rules to do with *_current targets
      referenced in binderservicedomain.te.
Bug: 31364497
Change-Id: Ic830bcc5ffb6d624e0b3aec831071061cccc513c

2017-02-08 09:09:39 -08:00

Renamed from public/binderservicedomain.te (Browse further)

3 commits