tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private
History
Alex Klyubin 062236a8c9 Remove access to ro.runtime.firstboot from apps 
ro.runtime.firstboot system property is only used internally by
system_server to distinguish between first start after boot from
consecutive starts (for example, this happens when full-disk
encryption is enabled). The value of the property is a
millisecond-precise timestamp which can help track individual
device. Thus apps should not have access to this property.

Test: Device boots fine, reading ro.runtime.firstboot from an app results in an error and SELinux denial.
Bug: 33700679
Change-Id: I4c3c26a35c5dd840bced3a3e53d071f45317f63c
2016-12-27 14:18:47 -08:00
..
access_vectors access_vectors: Remove unused permission definitions 2016-11-21 23:41:18 +00:00
adbd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
app.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
atrace.te Whitespace fix 2016-12-09 20:14:31 -08:00
audioserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bluetooth.te Restore app_domain macro and move to private use. 2016-12-08 14:42:43 -08:00
bootanim.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bootstat.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
cameraserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
cppreopts.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
debuggerd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
dhcp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
domain.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
drmserver.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
dumpstate.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
ephemeral_app.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
file.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
file_contexts Sepolicy for allocator hal. 2016-12-22 11:39:23 -08:00
file_contexts_asan Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fingerprintd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fs_use Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fsck.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
gatekeeperd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
genfs_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hal_allocator.te Sepolicy for allocator hal. 2016-12-22 11:39:23 -08:00
hal_audio_default.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_boot.te sepolicy for boot_control HAL service 2016-10-25 13:33:48 -07:00
hal_dumpstate_default.te Add hal_dumpstate attribute. 2016-12-16 10:48:32 -08:00
hal_graphics_allocator_default.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_graphics_composer_default.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_health_default.te hal_health: express the sepolicy as attribute 2016-12-17 16:17:36 +00:00
hal_ir_default.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_light_default.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_memtrack_default.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_nfc_default.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_power_default.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_thermal_default.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_vibrator_default.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_vr_default.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_wifi_default.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
healthd.te healthd: create SEPolicy for 'charger' and reduce healthd's scope 2016-12-15 18:17:13 -08:00
hostapd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hwservicemanager.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
init.te logcat: introduce split to logd and logpersist domains 2016-12-20 20:31:03 +00:00
initial_sid_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
initial_sids Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
inputflinger.te Whitespace fix 2016-12-09 20:14:31 -08:00
install_recovery.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
installd.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
isolated_app.te Restore app_domain macro and move to private use. 2016-12-08 14:42:43 -08:00
kernel.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
keys.conf Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
keystore.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
lmkd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
logd.te logcat: introduce split to logd and logpersist domains 2016-12-20 20:31:03 +00:00
logpersist.te logcat: introduce split to logd and logpersist domains 2016-12-20 20:31:03 +00:00
mac_permissions.xml Move MediaProvider to its own domain, add new MtpServer permissions 2016-12-12 11:05:33 -08:00
mdnsd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediaanalytics.te Allow access to mediaanalytics service 2016-12-03 00:06:20 +00:00
mediacodec.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediadrmserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediaextractor.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediaserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mls sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
mls_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
mls_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mtp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
netd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
nfc.te Whitespace fix 2016-12-09 20:14:31 -08:00
otapreopt_chroot.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
otapreopt_slot.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
perfprofd.te Whitespace fix 2016-12-09 20:14:31 -08:00
platform_app.te Whitespace fix 2016-12-09 20:14:31 -08:00
policy_capabilities Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
port_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall_dexopt.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ppp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
priv_app.te Restore app_domain macro and move to private use. 2016-12-08 14:42:43 -08:00
property_contexts Remove access to ro.runtime.firstboot from apps 2016-12-27 14:18:47 -08:00
racoon.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
radio.te Whitespace fix 2016-12-09 20:14:31 -08:00
recovery_persist.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
recovery_refresh.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
rild.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
roles_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
runas.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
sdcardd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
seapp_contexts Clarify what determines precedence rules in seapp_contexts 2016-12-19 11:07:53 -08:00
security_classes Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
service_contexts Add coverage service. 2016-12-19 11:04:33 -08:00
servicemanager.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
shared_relro.te Restore app_domain macro and move to private use. 2016-12-08 14:42:43 -08:00
shell.te Restore app_domain macro and move to private use. 2016-12-08 14:42:43 -08:00
su.te Restore app_domain macro and move to private use. 2016-12-08 14:42:43 -08:00
surfaceflinger.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
system_app.te Restore app_domain macro and move to private use. 2016-12-08 14:42:43 -08:00
system_server.te Whitespace fix 2016-12-09 20:14:31 -08:00
tee.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
toolbox.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
tzdatacheck.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ueventd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
uncrypt.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
untrusted_app.te Restore app_domain macro and move to private use. 2016-12-08 14:42:43 -08:00
update_engine.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_engine_common.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_verifier.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
users Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vdc.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vold.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
webview_zygote.te Add the "webview_zygote" domain. 2016-11-11 10:13:17 -05:00
wificond.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
wpa.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
zygote.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00