platform_system_sepolicy/vendor
Jeff Vander Stoep 4a478c47f4 Ban vendor components access to core data types
Vendor and system components are only allowed to share files by
passing open FDs over HIDL. Ban all directory access and all file
accesses other than what can be applied to an open file:
stat/read/write/append.

This commit marks core data types as core_data_file_type and bans
access to non-core domains with an exemption for apps. A temporary
exemption is also granted to domains that currently rely on
access with TODOs and bug number for each exemption.

Bug: 34980020
Test: Build and boot Marlin. Make phone call, watch youtube video.
      No new denials observed.
Change-Id: I320dd30f9f0a5bf2f9bb218776b4bccdb529b197
2017-03-28 15:44:39 -07:00
file.te sepolicy: Move hostapd to vendor 2017-03-09 11:17:45 +08:00
file_contexts Initial sepolicy for vndservicemanager. 2017-03-23 00:20:43 +00:00
hal_audio_default.te Ban vendor components access to core data types 2017-03-28 15:44:39 -07:00
hal_bluetooth_default.te Ban vendor components access to core data types 2017-03-28 15:44:39 -07:00
hal_bootctl_default.te Switch Boot Control HAL policy to _client/_server 2017-03-17 17:22:06 -07:00
hal_camera_default.te Ban vendor components access to core data types 2017-03-28 15:44:39 -07:00
hal_configstore_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_contexthub_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_drm_default.te Ban vendor components access to core data types 2017-03-28 15:44:39 -07:00
hal_dumpstate_default.te Switch Dumpstate HAL policy to _client/_server 2017-02-22 10:15:24 -08:00
hal_fingerprint_default.te Ban vendor components access to core data types 2017-03-28 15:44:39 -07:00
hal_gatekeeper_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_gnss_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_graphics_allocator_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_graphics_composer_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_health_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_ir_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_keymaster_default.te Ban socket connections between core and vendor 2017-03-27 08:49:13 -07:00
hal_light_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_memtrack_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_nfc_default.te Ban vendor components access to core data types 2017-03-28 15:44:39 -07:00
hal_omx.te mediacodec violates "no Binder in vendor" rule 2017-03-24 17:22:17 -07:00
hal_power_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_sensors_default.te Switch Sensors HAL policy to _client/_server 2017-03-14 12:43:29 -07:00
hal_thermal_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_usb_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_vibrator_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_vr_default.te Annotate most remaining HALs with _client/_server 2017-03-16 19:55:16 -07:00
hal_wifi_default.te Switch Wi-Fi HAL policy to _client/_server 2017-02-22 15:12:19 -08:00
hal_wifi_supplicant_default.te Ban vendor components access to core data types 2017-03-28 15:44:39 -07:00
hostapd.te Ban vendor components access to core data types 2017-03-28 15:44:39 -07:00
rild.te Move rild to vendor partition. 2017-02-23 16:20:07 -08:00
vndservicemanager.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00