tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private
History
Sandeep Patil 54a4200134 prop_context: correctly label all property_context files 
split property context file in vendor and sytem were left untouched by
the recent changes. This was working accidentally because they were
still accessible to all domains as 'system_file'.

Bug: 36002573
Test: Boot sailfish to observe no new denials.
Test: 'adb sideload' OTA on sailfish successfully

Change-Id: I5bec058b59db83d2a431e9f7e91c5a09af7d2942
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-03-29 10:10:32 -07:00
..
access_vectors Remove obsolete netlink_firewall_socket and netlink_ip6fw_socket classes. 2017-02-06 14:24:41 -05:00
adbd.te adbd: use hal_client_domain 2017-03-24 18:55:56 -07:00
app.te Mark all clients of Allocator HAL 2017-03-24 13:54:43 -07:00
app_neverallows.te app.te: prevent locks of files on /system 2017-03-22 10:35:24 -07:00
atrace.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
audioserver.te Mark all clients of Allocator HAL 2017-03-24 13:54:43 -07:00
binder_in_vendor_violators.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
binderservicedomain.te Move binderservicedomain policy to private 2017-02-08 09:09:39 -08:00
blkid.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
blkid_untrusted.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bluetooth.te Ban socket connections between core and vendor 2017-03-27 08:49:13 -07:00
bluetoothdomain.te Move bluetoothdomain policy to private 2017-02-06 15:32:08 -08:00
bootanim.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bootstat.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bufferhubd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
cameraserver.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
charger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
clatd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
cppreopts.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
crash_dump.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
dex2oat.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
dexoptanalyzer.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
dhcp.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
dnsmasq.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
domain.te Remove crash_dump from sys_ptrace neverallow exception 2017-02-16 09:17:35 -08:00
drmserver.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
dumpstate.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ephemeral_app.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
file.te Label /proc/config.gz 2017-02-16 12:07:01 -08:00
file_contexts prop_context: correctly label all property_context files 2017-03-29 10:10:32 -07:00
file_contexts_asan Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fingerprintd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
fs_use Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fsck.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
fsck_untrusted.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
gatekeeperd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
genfs_contexts enabled /sbin/modprobe for recovery mode 2017-03-16 01:19:58 +00:00
hal_allocator_default.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
halclientdomain.te Allow hals to read hwservicemanager prop. 2017-03-23 01:50:50 +00:00
halserverdomain.te Allow hals to read hwservicemanager prop. 2017-03-23 01:50:50 +00:00
healthd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
hwservicemanager.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
idmap.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
incident.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
incidentd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
init.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
initial_sid_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
initial_sids Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
inputflinger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
install_recovery.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
installd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
isolated_app.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
kernel.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
keys.conf Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
keystore.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
lmkd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
logd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
logpersist.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mac_permissions.xml Move MediaProvider to its own domain, add new MtpServer permissions 2016-12-12 11:05:33 -08:00
mdnsd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediadrmserver.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediaextractor.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediametrics.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediaserver.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mls sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
mls_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
mls_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
modprobe.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mtp.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
net.te Move netdomain policy to private 2017-02-06 15:02:00 -08:00
netd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
nfc.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
otapreopt_chroot.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
otapreopt_slot.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
performanced.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
perfprofd.te su and perfprofd are coredomain too 2017-03-24 09:31:50 -07:00
platform_app.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
policy_capabilities Define extended_socket_class policy capability and socket classes 2017-02-06 13:53:11 -05:00
port_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
postinstall_dexopt.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ppp.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
preopt2cachename.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
priv_app.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
profman.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
property_contexts make ro.persistent_properties.ready accessible for hidl client 2017-03-01 12:31:04 -08:00
racoon.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
radio.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
recovery.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
recovery_persist.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
recovery_refresh.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
roles_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
runas.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
sdcardd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
seapp_contexts Use levelFrom=user for v2 apps 2017-03-02 09:50:33 -08:00
security_classes Remove obsolete netlink_firewall_socket and netlink_ip6fw_socket classes. 2017-02-06 14:24:41 -05:00
sensord.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
service_contexts sepolicy: Make wpa_supplicant a HIDL service 2017-03-07 01:34:28 +00:00
servicemanager.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
sgdisk.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
shared_relro.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
shell.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
slideshow.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
storaged.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
su.te su and perfprofd are coredomain too 2017-03-24 09:31:50 -07:00
surfaceflinger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
system_app.te Vendor domains must not use Binder am: f5446eb148 am: 2fe065d708 2017-03-24 15:03:44 +00:00
system_server.te Merge "Allow vrmanager to connect to vr_window_manager." 2017-03-27 21:34:05 +00:00
technical_debt.cil Mark all clients of Allocator HAL 2017-03-24 13:54:43 -07:00
tee.te Ban socket connections between core and vendor 2017-03-27 08:49:13 -07:00
tombstoned.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
toolbox.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
tzdatacheck.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ueventd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
uncrypt.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
untrusted_app.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
untrusted_app_25.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
untrusted_app_all.te Split preloads into media_file and data_file 2017-03-15 00:49:37 +00:00
untrusted_v2_app.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
update_engine.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
update_engine_common.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_verifier.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
users Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vdc.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
virtual_touchpad.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vold.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vr_wm.te Mark vr_wm as coredomain 2017-03-24 08:06:28 -07:00
watchdogd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
webview_zygote.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
wificond.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
zygote.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00