tequilaOS/platform_system_sepolicy

Author SHA1 Message Date

Author	SHA1	Message	Date
Inseob Kim	75806ef3c5	Minimize public policy Ideally, public should only contain APIs (types / attributes) for vendor. The other statements like allow/neverallow/typeattributes are regarded as implementation detail for platform and should be in private. Bug: 232023812 Test: m selinux_policy Test: diff <(git diff --staged \| grep "^-" \| cut -b2- \| sort) \ <(git diff --staged \| grep "^+" \| cut -b2- \| sort) Test: remove comments on plat_sepolicy.cil, replace base_typeattr_* to base_typeattr and then compare old and new plat_sepolicy.cil Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12	2024-03-28 00:33:46 +00:00
Inseob Kim	55e5c9b513	Move system property rules to private public/property split is landed to selectively export public types to vendors. So rules happening within system should be in private. This introduces private/property.te and moves all allow and neverallow rules from any coredomains to system defiend properties. Bug: 150331497 Test: system/sepolicy/tools/build_policies.sh Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe (cherry picked from commit `42c7d8966c`)	2020-03-18 16:46:04 +00:00
Andreas Gampe	82071b6859	Sepolicy: Add ASAN-Extract Add selinux policies for init script and shell script to unzip a tar containing ASAN libraries on boot. Bug: 36458146 Test: m && m SANITIZE_TARGET=address Test: manual (build steps for tar missing) Change-Id: I5c3cb233aae93ee9985431090af902b0e3c1b0a7 (cherry picked from commit `0b74305011`) Merged-In: I5c3cb233aae93ee9985431090af902b0e3c1b0a7	2017-04-05 13:09:29 -07:00

Inseob Kim

75806ef3c5

Minimize public policy

Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.

Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
           <(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
      to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12

2024-03-28 00:33:46 +00:00

Inseob Kim

55e5c9b513

Move system property rules to private

public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defiend properties.

Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c)

2020-03-18 16:46:04 +00:00

Andreas Gampe

82071b6859

Sepolicy: Add ASAN-Extract

Add selinux policies for init script and shell script to unzip a tar
containing ASAN libraries on boot.

Bug: 36458146
Test: m && m SANITIZE_TARGET=address
Test: manual (build steps for tar missing)
Change-Id: I5c3cb233aae93ee9985431090af902b0e3c1b0a7
(cherry picked from commit 0b74305011)
Merged-In: I5c3cb233aae93ee9985431090af902b0e3c1b0a7

2017-04-05 13:09:29 -07:00

3 commits