platform_system_sepolicy/public
Nick Kralevich 02cfce49ae kernel.te: tighten entrypoint / execute_no_trans neverallow
The kernel domain exists solely on boot, and is used by kernel threads.
Because of the way the system starts, there is never an entrypoint for
that domain, not even a file on rootfs. So tighten up the neverallow
restriction.

Remove an obsolete comment. The *.rc files no longer have a setcon
statement, and the transition from the kernel domain to init occurs
because init re-execs itself. The statement no longer applies.

Test: bullhead policy compiles.
Change-Id: Ibe75f3d25804453507dbb05c7a07bba1d37a1c7b
2016-10-30 18:46:44 -07:00
adbd.te Rename autoplay_app to ephemeral_app 2016-10-07 09:52:31 -07:00
app.te isolated_app: no sdcard access 2016-10-21 09:15:48 -07:00
attributes Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
audioserver.te clean up hal types 2016-10-26 09:50:04 -07:00
binderservicedomain.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
blkid.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
blkid_untrusted.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bluetooth.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bluetoothdomain.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
boot_control_hal.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bootanim.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bootstat.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
cameraserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
clatd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
cppreopts.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
debuggerd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
device.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
dex2oat.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
dhcp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
dnsmasq.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
domain.te Get rid of auditallow spam. 2016-10-28 11:46:00 -07:00
domain_deprecated.te Get rid of auditallow spam. 2016-10-28 11:46:00 -07:00
drmserver.te Rename autoplay_app to ephemeral_app 2016-10-07 09:52:31 -07:00
dumpstate.te Get rid of auditallow spam. 2016-10-28 11:46:00 -07:00
ephemeral_app.te Rename autoplay_app to ephemeral_app 2016-10-07 09:52:31 -07:00
file.te Update SELinux policy for audiohal 2016-10-21 09:53:15 -07:00
fingerprintd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fsck.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fsck_untrusted.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
gatekeeperd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
global_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hal_audio.te clean up hal types 2016-10-26 09:50:04 -07:00
hal_boot.te sepolicy for boot_control HAL service 2016-10-25 13:33:48 -07:00
hal_nfc.te clean up hal types 2016-10-26 09:50:04 -07:00
hal_vibrator.te clean up hal types 2016-10-26 09:50:04 -07:00
hal_vr.te clean up hal types 2016-10-26 09:50:04 -07:00
hal_wifi.te wifi_hal: Rename to 'hal_wifi' 2016-10-28 09:00:31 -07:00
hci_attach.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
healthd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hostapd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hwservicemanager.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
idmap.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
init.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
inputflinger.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
install_recovery.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
installd.te Rename autoplay_app to ephemeral_app 2016-10-07 09:52:31 -07:00
ioctl_defines Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ioctl_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
isolated_app.te isolated_app: no sdcard access 2016-10-21 09:15:48 -07:00
kernel.te kernel.te: tighten entrypoint / execute_no_trans neverallow 2016-10-30 18:46:44 -07:00
keystore.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
lmkd.te Rename autoplay_app to ephemeral_app 2016-10-07 09:52:31 -07:00
logd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mdnsd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediacodec.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediadrmserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediaextractor.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediaserver.te Rename autoplay_app to ephemeral_app 2016-10-07 09:52:31 -07:00
mtp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
net.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
netd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
neverallow_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
nfc.te clean up hal types 2016-10-26 09:50:04 -07:00
otapreopt_chroot.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
otapreopt_slot.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
platform_app.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall_dexopt.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ppp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
preopt2cachename.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
priv_app.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
profman.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
property.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
racoon.te racoon: remove domain_deprecated attribute 2016-10-15 17:15:25 -07:00
radio.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
recovery.te remove unnecessary dalvik rules from recovery 2016-10-14 02:27:31 -04:00
recovery_persist.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
recovery_refresh.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
rild.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
runas.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
sdcardd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
service.te Creates an autofill system service. 2016-10-20 17:33:27 -07:00
servicemanager.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
sgdisk.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
shared_relro.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
shell.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
slideshow.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
surfaceflinger.te Rename autoplay_app to ephemeral_app 2016-10-07 09:52:31 -07:00
system_app.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
system_server.te clean up hal types 2016-10-26 09:50:04 -07:00
te_macros Rename macros for (non)binderized HALs 2016-10-26 10:04:18 -07:00
tee.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
toolbox.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
tzdatacheck.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ueventd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
uncrypt.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
untrusted_app.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_engine.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_engine_common.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_verifier.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vdc.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vold.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
watchdogd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
wificond.te wifi_hal: Rename to 'hal_wifi' 2016-10-28 09:00:31 -07:00
wpa.te wpa: Add permissions for hwbinder 2016-10-26 14:52:12 -07:00
zygote.te Rename autoplay_app to ephemeral_app 2016-10-07 09:52:31 -07:00