tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
47508 commits 1 branch 0 tags 50 MiB
Commit graph

4 commits

Author SHA1 Message Date
Inseob Kim
09b27c7109 Add "DO NOT ADD statements" comments to public 
For visibility

Bug: 232023812
Test: N/A
Change-Id: I0bc6dc568210b81ba1f52acb18afd4bcc454ea1c
 2024-03-28 11:27:43 +09:00
Jeff Vander Stoep
b07c12c39d Iorapd and friends have been removed 
Remove references in sepolicy. Leave a few of the types defined since
they're public and may be used in device-specific policy.

Bug: 211461392
Test: build/boot cuttlefish
Change-Id: I615137b92b82b744628ab9b7959ae5ff28001169
 2022-05-18 12:07:39 +02:00
Jeff Vander Stoep
16ebb161eb traced: move traced_tmpfs to public policy 
Allow the perfetto_producer macro to be used in device-specific
policy.

Bug: 185379881
Test: TH
Change-Id: I6932ff91a3ed095b5edce4076bdfd8607e925c6e
 2021-04-14 22:18:41 +02:00
Primiano Tucci
79d1dbbc05 Allow iorapd to access perfetto 
This requires moving the type declaration of
perfetto traced to public, because iorapd
needs to refer to it.

Denials without this CL:
https://pastebin.com/raw/sxHMeLEU

Bug: 72170747
Test: 1. runcon u:r:iorapd:s0 iorap.cmd.perfetto \
          -v --output-proto /data/misc/iorapd/test
      2. Check that no selinux denials other than
         avc: denied { entrypoint } for path="/system/bin/iorap.cmd.perfetto" dev="sda6" ino=21 scontext=u:r:iorapd:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
         show up (this is a side-effect of runcon).

Change-Id: Iacd1ab201fe9fb2a6302dbd528f42f709cbca054
 2019-01-23 22:43:47 +00:00