6237d8b787
This starts with the reduction in the number of services that ephemeral apps can access. Prior to this commit, ephemeral apps were permitted to access most of the service_manager services accessible by conventional apps. This commit reduces this set by removing access from ephemeral apps to: * gatekeeper_service, * sec_key_att_app_id_provider_service, * wallpaper_service, * wifiaware_service, * wifip2p_service, * wifi_service. Test: Device boots up fine, Chrome, Play Movies, YouTube, Netflix, work fine. Bug: 33349998 Change-Id: Ie4ff0a77eaca8c8c91efda198686c93c3a2bc4b3
170 lines
4.6 KiB
Text
170 lines
4.6 KiB
Text
######################################
|
|
# Attribute declarations
|
|
#
|
|
|
|
# All types used for devices.
|
|
# On change, update CHECK_FC_ASSERT_ATTRS
|
|
# in tools/checkfc.c
|
|
attribute dev_type;
|
|
|
|
# All types used for processes.
|
|
attribute domain;
|
|
|
|
# Temporary attribute used for migrating permissions out of domain.
|
|
# Motivation: Domain is overly permissive. Start removing permissions
|
|
# from domain and assign them to the domain_deprecated attribute.
|
|
# Domain_deprecated and domain can initially be assigned to all
|
|
# domains. The goal is to not assign domain_deprecated to new domains
|
|
# and to start removing domain_deprecated where it's not required or
|
|
# reassigning the appropriate permissions to the inheriting domain
|
|
# when necessary.
|
|
attribute domain_deprecated;
|
|
|
|
# All types used for filesystems.
|
|
# On change, update CHECK_FC_ASSERT_ATTRS
|
|
# definition in tools/checkfc.c.
|
|
attribute fs_type;
|
|
|
|
# All types used for context= mounts.
|
|
attribute contextmount_type;
|
|
|
|
# All types used for files that can exist on a labeled fs.
|
|
# Do not use for pseudo file types.
|
|
# On change, update CHECK_FC_ASSERT_ATTRS
|
|
# definition in tools/checkfc.c.
|
|
attribute file_type;
|
|
|
|
# All types used for domain entry points.
|
|
attribute exec_type;
|
|
|
|
# All types used for /data files.
|
|
attribute data_file_type;
|
|
|
|
# All types use for sysfs files.
|
|
attribute sysfs_type;
|
|
|
|
# All types use for debugfs files.
|
|
attribute debugfs_type;
|
|
|
|
# Attribute used for all sdcards
|
|
attribute sdcard_type;
|
|
|
|
# All types used for nodes/hosts.
|
|
attribute node_type;
|
|
|
|
# All types used for network interfaces.
|
|
attribute netif_type;
|
|
|
|
# All types used for network ports.
|
|
attribute port_type;
|
|
|
|
# All types used for property service
|
|
# On change, update CHECK_PC_ASSERT_ATTRS
|
|
# definition in tools/checkfc.c.
|
|
attribute property_type;
|
|
|
|
# All properties defined in core SELinux policy. Should not be
|
|
# used by device specific properties
|
|
attribute core_property_type;
|
|
|
|
# All properties used to configure log filtering.
|
|
attribute log_property_type;
|
|
|
|
# All service_manager types created by system_server
|
|
attribute system_server_service;
|
|
|
|
# services which should be available to all but isolated apps
|
|
attribute app_api_service;
|
|
|
|
# services which should be available to all ephemeral apps
|
|
attribute ephemeral_app_api_service;
|
|
|
|
# services which export only system_api
|
|
attribute system_api_service;
|
|
|
|
# All types used for services managed by service_manager.
|
|
# On change, update CHECK_SC_ASSERT_ATTRS
|
|
# definition in tools/checkfc.c.
|
|
attribute service_manager_type;
|
|
|
|
# All domains that can override MLS restrictions.
|
|
# i.e. processes that can read up and write down.
|
|
attribute mlstrustedsubject;
|
|
|
|
# All types that can override MLS restrictions.
|
|
# i.e. files that can be read by lower and written by higher
|
|
attribute mlstrustedobject;
|
|
|
|
# All domains used for apps.
|
|
attribute appdomain;
|
|
|
|
# All third party apps.
|
|
attribute untrusted_app_all;
|
|
|
|
# All domains used for apps with network access.
|
|
attribute netdomain;
|
|
|
|
# All domains used for apps with bluetooth access.
|
|
attribute bluetoothdomain;
|
|
|
|
# All domains used for binder service domains.
|
|
attribute binderservicedomain;
|
|
|
|
# All domains that access the boot_control HAL. The permissions the HAL
|
|
# requires are specific to the implementation provided in each device, but
|
|
# common daemons need to be aware of those when calling into the HAL.
|
|
attribute boot_control_hal;
|
|
|
|
# update_engine related domains that need to apply an update and run
|
|
# postinstall. This includes the background daemon and the sideload tool from
|
|
# recovery for A/B devices.
|
|
attribute update_engine_common;
|
|
|
|
# All HAL servers
|
|
attribute halserverdomain;
|
|
# All HAL clients
|
|
attribute halclientdomain;
|
|
|
|
# HALs
|
|
attribute hal_audio;
|
|
attribute hal_audio_client;
|
|
attribute hal_audio_server;
|
|
attribute hal_bluetooth;
|
|
attribute hal_bluetooth_client;
|
|
attribute hal_bluetooth_server;
|
|
attribute hal_camera;
|
|
attribute hal_camera_client;
|
|
attribute hal_camera_server;
|
|
attribute hal_configstore;
|
|
attribute hal_contexthub;
|
|
attribute hal_drm;
|
|
attribute hal_drm_client;
|
|
attribute hal_drm_server;
|
|
attribute hal_dumpstate;
|
|
attribute hal_dumpstate_client;
|
|
attribute hal_dumpstate_server;
|
|
attribute hal_fingerprint;
|
|
attribute hal_fingerprint_client;
|
|
attribute hal_fingerprint_server;
|
|
attribute hal_gatekeeper;
|
|
attribute hal_gnss;
|
|
attribute hal_graphics_allocator;
|
|
attribute hal_graphics_composer;
|
|
attribute hal_health;
|
|
attribute hal_ir;
|
|
attribute hal_keymaster;
|
|
attribute hal_keymaster_client;
|
|
attribute hal_keymaster_server;
|
|
attribute hal_light;
|
|
attribute hal_memtrack;
|
|
attribute hal_nfc;
|
|
attribute hal_power;
|
|
attribute hal_sensors;
|
|
attribute hal_telephony;
|
|
attribute hal_thermal;
|
|
attribute hal_usb;
|
|
attribute hal_vibrator;
|
|
attribute hal_vr;
|
|
attribute hal_wifi;
|
|
attribute hal_wifi_client;
|
|
attribute hal_wifi_server;
|