55e5c9b513
public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defined properties.
Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c
)
# apexd -- manager for APEX packages
# Declares the apexd type and gives it the domain attribute, so it is usable as
# a process domain and is matched by every rule in this file written against domain.
type apexd, domain;
# Declares the apexd_exec file type with the exec_type, file_type and
# system_file_type attributes.
# NOTE(review): presumably the label of the apexd binary; the file_contexts entry
# and the domain transition are not in this file - confirm where they are defined.
type apexd_exec, exec_type, file_type, system_file_type;
# Macro invocation that grants apexd the permissions needed to use Binder IPC.
# The macro body is defined elsewhere in the policy, not in this file.
binder_use(apexd)
# Macro invocation that lets apexd register apex_service with the service manager.
# NOTE(review): the macro body is outside this file - confirm whether it also
# asserts that no other domain may add this service.
add_service(apexd, apex_service)
# Build-time assertion: apart from init, apexd and system_server, no domain may
# be granted find on apex_service. A neverallow grants nothing by itself; the
# excepted domains still need their own allow rules, and any policy that adds a
# conflicting allow fails to compile.
neverallow { domain -init -apexd -system_server } apex_service:service_manager find;
# Build-time assertion: only init, apexd, system_server and servicemanager may
# ever be allowed to make binder calls into apexd. This backs up the find
# restriction on apex_service: the call itself is also forbidden to other domains.
neverallow { domain -init -apexd -system_server -servicemanager } apexd:binder call;
# Build-time assertion: no domain may be allowed to ptrace apexd. The
# userdebug_or_eng macro keeps its argument only on userdebug and eng builds, so
# crash_dump is excepted on those builds and nothing is excepted on user builds.
neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;