platform_system_sepolicy/private
Alex Klyubin 9b718c409f Switch DRM HAL policy to _client/_server
This switches DRM HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of DRM HAL.

Domains which are clients of DRM HAL, such as mediadrmserver domain,
are granted rules targeting hal_drm only when the DRM HAL runs in
passthrough mode (i.e., inside the client's process). When the HAL
runs in binderized mode (i.e., in another process/domain, with
clients talking to the HAL over HwBinder IPC), rules targeting hal_drm
are not granted to client domains.

Domains which offer a binderized implementation of DRM HAL, such as
hal_drm_default domain, are always granted rules targeting hal_drm.

Test: Play movie using Google Play Movies
Test: Play movie using Netflix
Bug: 34170079
Change-Id: I3ab0e84818ccd61e54b90f7ade3509b7dbf86fb9
2017-02-17 15:36:41 -08:00
access_vectors Remove obsolete netlink_firewall_socket and netlink_ip6fw_socket classes. 2017-02-06 14:24:41 -05:00
adbd.te Move adbd policy to private 2017-02-07 09:55:05 -08:00
app.te Sepolicy for OMX hal. 2017-02-11 00:12:00 -08:00
app_neverallows.te untrusted_app: policy versioning based on targetSdkVersion 2017-02-14 13:30:12 -08:00
atrace.te Move atrace policy to private 2017-02-07 10:54:20 -08:00
audioserver.te Add documentation on neverallow rules 2017-02-17 22:37:23 +00:00
binderservicedomain.te Move binderservicedomain policy to private 2017-02-08 09:09:39 -08:00
blkid.te Move blkid policy to private 2017-02-07 23:57:53 +00:00
blkid_untrusted.te Move blkid policy to private 2017-02-07 23:57:53 +00:00
bluetooth.te Switch Bluetooth HAL policy to _client/_server 2017-02-17 11:32:00 -08:00
bluetoothdomain.te Move bluetoothdomain policy to private 2017-02-06 15:32:08 -08:00
bootanim.te
bootstat.te
bufferhubd.te Add policies for new services. 2017-02-09 15:15:11 -08:00
cameraserver.te
cppreopts.te
dexoptanalyzer.te SElinux policies for compiling secondary dex files 2017-01-24 14:28:07 -08:00
dhcp.te
domain.te Remove crash_dump from sys_ptrace neverallow exception 2017-02-16 09:17:35 -08:00
drmserver.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
dumpstate.te Storaged permissions for task I/O 2017-01-07 01:12:51 +00:00
ephemeral_app.te Merge ephemeral data and apk files into app 2017-02-06 10:16:50 -08:00
file.te Label /proc/config.gz 2017-02-16 12:07:01 -08:00
file_contexts Move hals to vendor partition. 2017-02-13 23:14:13 +00:00
file_contexts_asan
fingerprintd.te
fs_use
fsck.te
gatekeeperd.te
genfs_contexts Label /proc/config.gz 2017-02-16 12:07:01 -08:00
hal_allocator.te Sepolicy for allocator hal. 2016-12-22 11:39:23 -08:00
hal_bluetooth_default.te Switch Bluetooth HAL policy to _client/_server 2017-02-17 11:32:00 -08:00
halclientdomain.te Use _client and _server for Audio HAL policy 2017-02-15 13:32:14 -08:00
halserverdomain.te Use _client and _server for Audio HAL policy 2017-02-15 13:32:14 -08:00
healthd.te storaged: allow register and callback from batteryproperties 2017-02-06 11:06:05 -08:00
hostapd.te
hwservicemanager.te
incident.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
incidentd.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
init.te Remove selinux denial 2017-02-13 08:51:33 -08:00
initial_sid_contexts
initial_sids
inputflinger.te Whitespace fix 2016-12-09 20:14:31 -08:00
install_recovery.te
installd.te SElinux policies for compiling secondary dex files 2017-01-24 14:28:07 -08:00
isolated_app.te Move neverallows from untrusted_app.te to app_neverallows.te 2017-02-06 10:16:50 -08:00
kernel.te
keys.conf
keystore.te
lmkd.te
logd.te logd: add getEventTag command and service 2017-01-31 15:50:42 +00:00
logpersist.te logd: add getEventTag command and service 2017-01-31 15:50:42 +00:00
mac_permissions.xml Move MediaProvider to its own domain, add new MtpServer permissions 2016-12-12 11:05:33 -08:00
mdnsd.te Move mdnsd policy to private 2017-02-06 15:02:32 -08:00
mediacodec.te
mediadrmserver.te
mediaextractor.te
mediametrics.te rename mediaanalytics->mediametrics, wider access 2017-01-24 16:57:19 -08:00
mediaserver.te
mls sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
mls_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
mls_macros
mtp.te
net.te Move netdomain policy to private 2017-02-06 15:02:00 -08:00
netd.te
nfc.te Whitespace fix 2016-12-09 20:14:31 -08:00
otapreopt_chroot.te
otapreopt_slot.te
performanced.te Add policies for new services. 2017-02-09 15:15:11 -08:00
perfprofd.te Whitespace fix 2016-12-09 20:14:31 -08:00
platform_app.te Merge ephemeral data and apk files into app 2017-02-06 10:16:50 -08:00
policy_capabilities Define extended_socket_class policy capability and socket classes 2017-02-06 13:53:11 -05:00
port_contexts
postinstall.te
postinstall_dexopt.te
ppp.te
priv_app.te logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
property_contexts Move net.dns* to its own label. 2017-02-09 16:14:05 -08:00
racoon.te
radio.te logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
recovery_persist.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
recovery_refresh.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
rild.te
roles_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
runas.te
sdcardd.te
seapp_contexts untrusted_app: policy versioning based on targetSdkVersion 2017-02-14 13:30:12 -08:00
security_classes Remove obsolete netlink_firewall_socket and netlink_ip6fw_socket classes. 2017-02-06 14:24:41 -05:00
sensord.te Add policies for new services. 2017-02-09 15:15:11 -08:00
service_contexts Add policies for new services. 2017-02-09 15:15:11 -08:00
servicemanager.te logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
shared_relro.te Restore app_domain macro and move to private use. 2016-12-08 14:42:43 -08:00
shell.te tracefs: avoid overly generic regexes 2017-02-12 08:40:32 -08:00
storaged.te storaged: allow register and callback from batteryproperties 2017-02-06 11:06:05 -08:00
su.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
surfaceflinger.te surfaceflinger: grant access to vr_manager_service 2017-02-10 13:36:43 -08:00
system_app.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
system_server.te Switch DRM HAL policy to _client/_server 2017-02-17 15:36:41 -08:00
tee.te
tombstoned.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
toolbox.te
tzdatacheck.te
ueventd.te
uncrypt.te
untrusted_app.te untrusted_app: policy versioning based on targetSdkVersion 2017-02-14 13:30:12 -08:00
untrusted_app_25.te untrusted_app: policy versioning based on targetSdkVersion 2017-02-14 13:30:12 -08:00
untrusted_app_all.te untrusted_app: policy versioning based on targetSdkVersion 2017-02-14 13:30:12 -08:00
update_engine.te
update_engine_common.te
update_verifier.te
users
vdc.te
virtual_touchpad.te Add policies for new services. 2017-02-09 15:15:11 -08:00
vold.te
webview_zygote.te Remove obsolete netlink_firewall_socket and netlink_ip6fw_socket classes. 2017-02-06 14:24:41 -05:00
wificond.te
wpa.te
zygote.te Remove SElinux audit to libart_file 2017-01-31 23:43:14 +00:00