cc39f63773
Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
27 lines
973 B
Text
27 lines
973 B
Text
sid kernel u:r:kernel:s0
|
|
sid security u:object_r:kernel:s0
|
|
sid unlabeled u:object_r:unlabeled:s0
|
|
sid fs u:object_r:labeledfs:s0
|
|
sid file u:object_r:unlabeled:s0
|
|
sid file_labels u:object_r:unlabeled:s0
|
|
sid init u:object_r:unlabeled:s0
|
|
sid any_socket u:object_r:unlabeled:s0
|
|
sid port u:object_r:port:s0
|
|
sid netif u:object_r:netif:s0
|
|
sid netmsg u:object_r:unlabeled:s0
|
|
sid node u:object_r:node:s0
|
|
sid igmp_packet u:object_r:unlabeled:s0
|
|
sid icmp_socket u:object_r:unlabeled:s0
|
|
sid tcp_socket u:object_r:unlabeled:s0
|
|
sid sysctl_modprobe u:object_r:unlabeled:s0
|
|
sid sysctl u:object_r:proc:s0
|
|
sid sysctl_fs u:object_r:unlabeled:s0
|
|
sid sysctl_kernel u:object_r:unlabeled:s0
|
|
sid sysctl_net u:object_r:unlabeled:s0
|
|
sid sysctl_net_unix u:object_r:unlabeled:s0
|
|
sid sysctl_vm u:object_r:unlabeled:s0
|
|
sid sysctl_dev u:object_r:unlabeled:s0
|
|
sid kmod u:object_r:unlabeled:s0
|
|
sid policy u:object_r:unlabeled:s0
|
|
sid scmp_packet u:object_r:unlabeled:s0
|
|
sid devnull u:object_r:null_device:s0
|