tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/compat/28.0
History
Ken Chen 64f0be204b Define sepolicy for redirect-socket-calls feature 
Define two property_context.

1. vendor_socket_hook_prop - for ro.vendor.redirect_socket_calls. The
property set once in vendor_init context. It's evaluated at process
start time and is cannot change at runtime on a given device. The set
permission is restricted to vendor_init. The read permission is
unrestricted.

2. socket_hook_prop - for net.redirect_socket_calls.hooked. The
property can be changed by System Server at runtime. It's evaluated when
shimmed socket functions is called. The set permission is restricted to
System Server. The read permission is unrestricted.

Bug: Bug: 141611769
Test: System Server can set net.redirect_socket_calls.hooked
      libnetd_client can read both properties
      libnetd_client can't set both properties

Change-Id: Ic42269539923e6930cc0ee3df8ba032797212395
2020-02-11 20:55:02 +08:00
..
28.0.cil Mark mediacodec_2{6,7,8} as hal_omx_server 2019-10-01 20:48:01 +00:00
28.0.compat.cil netlink_route_socket: add new nlmsg_readpriv perm 2019-10-16 16:14:16 +02:00
28.0.ignore.cil Define sepolicy for redirect-socket-calls feature 2020-02-11 20:55:02 +08:00