tequilaOS/platform_system_sepolicy

Fork 0

Commit graph

Author	SHA1	Message	Date
Inseob Kim	75806ef3c5	Minimize public policy Ideally, public should only contain APIs (types / attributes) for vendor. The other statements like allow/neverallow/typeattributes are regarded as implementation detail for platform and should be in private. Bug: 232023812 Test: m selinux_policy Test: diff <(git diff --staged \| grep "^-" \| cut -b2- \| sort) \ <(git diff --staged \| grep "^+" \| cut -b2- \| sort) Test: remove comments on plat_sepolicy.cil, replace base_typeattr_* to base_typeattr and then compare old and new plat_sepolicy.cil Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12	2024-03-28 00:33:46 +00:00
Alex Klyubin	08d6f56649	Switch Allocator HAL policy to _client/_server This switches Allocator HAL policy to the design which enables us to identify all SELinux domains which host HALs and all domains which are clients of HALs. Allocator HAL is special in the sense that it's assumed to be always binderized. As a result, rules in Camera HAL target hal_allocator_server rather than hal_allocator (which would be the server and any client, if the Allocator HAL runs in passthrough mode). Test: Device boots up, no new denials Test: YouTube video plays back Test: Take photo using Google Camera app, recover a video, record a slow motion video Bug: 34170079 Change-Id: Ifbbca554ec221712361ee6cda94c82f254d84936	2017-03-20 22:18:12 +00:00
Steven Moreland	72d18125c1	Sepolicy for allocator hal. Bug: 32123421 Test: full build/test of allocator hal using hidl_test Change-Id: I253b4599b6fe6e7f4a2f5f55b34cdeed9e5d769b	2016-12-22 11:39:23 -08:00

Author

SHA1

Message

Date

Inseob Kim

75806ef3c5

Minimize public policy

Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.

Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
           <(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
      to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12

2024-03-28 00:33:46 +00:00

Alex Klyubin

08d6f56649

Switch Allocator HAL policy to _client/_server

This switches Allocator HAL policy to the design which enables us to
identify all SELinux domains which host HALs and all domains which are
clients of HALs.

Allocator HAL is special in the sense that it's assumed to be always
binderized. As a result, rules in Camera HAL target hal_allocator_server
rather than hal_allocator (which would be the server and any client, if
the Allocator HAL runs in passthrough mode).

Test: Device boots up, no new denials
Test: YouTube video plays back
Test: Take photo using Google Camera app, recover a video, record a slow
      motion video
Bug: 34170079
Change-Id: Ifbbca554ec221712361ee6cda94c82f254d84936

2017-03-20 22:18:12 +00:00

Steven Moreland

72d18125c1

Sepolicy for allocator hal.

Bug: 32123421
Test: full build/test of allocator hal using hidl_test
Change-Id: I253b4599b6fe6e7f4a2f5f55b34cdeed9e5d769b

2016-12-22 11:39:23 -08:00

3 commits