platform_system_sepolicy/vendor
Sandeep Patil e41af20397 Fix coredomain violation for modprobe
modprobe domain was allowed to launch vendor toolbox even if its a
coredomain. That violates the treble separation. Fix that by creating a
separate 'vendor_modprobe' domain that init is allowed to transition to
through vendor_toolbox.

Bug: 37008075
Test: Build and boot sailfish

Change-Id: Ic3331797691bb5d1fdc05a674aa4aa313e1f86b2
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit 9e366a0e49)
2017-06-05 08:09:18 -07:00
..
file.te sepolicy: Move hostapd to vendor 2017-03-09 11:17:45 +08:00
file_contexts SE Policy for Wifi Offload HAL 2017-05-18 09:49:55 -07:00
hal_audio_default.te Remove audio from socket_between.._violators 2017-04-28 20:03:03 +00:00
hal_bluetooth_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_bootctl_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_camera_default.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_configstore_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_contexthub_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_drm_default.te Remove unnecessary attributes 2017-04-14 09:39:19 -07:00
hal_dumpstate_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_fingerprint_default.te Remove unnecessary attributes 2017-04-14 09:39:19 -07:00
hal_gatekeeper_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_gnss_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_graphics_allocator_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_graphics_composer_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_health_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_ir_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_keymaster_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_light_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_memtrack_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_nfc_default.te NFC HAL no longer violates socket access restrictions 2017-04-27 17:21:42 +00:00
hal_omx.te mediacodec violates "no Binder in vendor" rule 2017-03-24 17:22:17 -07:00
hal_power_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_sensors_default.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_thermal_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_tv_cec_default.te Make hal_tv_cec_default exec a vendor_file_type 2017-04-13 17:32:43 -07:00
hal_tv_input_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_usb_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_vibrator_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_vr_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_wifi_default.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
hal_wifi_offload_default.te SE Policy for Wifi Offload HAL 2017-05-18 09:49:55 -07:00
hal_wifi_supplicant_default.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hostapd.te Remove unnecessary attributes 2017-04-14 09:39:19 -07:00
rild.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00
tee.te Move domain_deprecated into private policy 2017-05-15 13:37:59 -07:00
vendor_modprobe.te Fix coredomain violation for modprobe 2017-06-05 08:09:18 -07:00
vndservice_contexts Add default label and mapping for vendor services 2017-04-28 14:56:57 -07:00
vndservicemanager.te sepolicy: make exec_types in /vendor a subset of vendor_file_type 2017-04-11 17:20:36 +00:00