tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/compat/28.0
History
Yi-Yo Chiang 806898db48 Split gsi_metadata_file and add gsi_metadata_file_type attribute 
Split gsi_metadata_file into gsi_metadata_file plus
gsi_public_metadata_file, and add gsi_metadata_file_type attribute.
Files that are okay to be publicly readable are labeled with
gsi_public_metadata_file. Right now only files needed to infer the
device fstab belong to this label.
The difference between gsi_metadata_file and gsi_public_metadata_file is
that gsi_public_metadata_file has relaxed neverallow rules, so processes
who wish to read the fstab can add the respective allow rules to their
policy files.
Allow gsid to restorecon on gsi_metadata_file to fix the file context of
gsi_public_metadata_file.

Bug: 181110285
Test: Build pass
Test: Issue a DSU installation then verify no DSU related denials and
  files under /metadata/gsi/ are labeled correctly.
Change-Id: I54a5fe734dd345e28fd8c0874d5fceaf80ab8c11
2021-03-29 03:09:35 +00:00
..
28.0.cil sepolicy: Remove offload HAL sepolicy rules 2020-05-08 11:17:12 +09:00
28.0.compat.cil Exempt older vendor images from recent mls changes. 2020-11-17 17:30:10 +00:00
28.0.ignore.cil Split gsi_metadata_file and add gsi_metadata_file_type attribute 2021-03-29 03:09:35 +00:00