platform_system_sepolicy/private/compat/27.0
Alan Stokes 8bf8a262e5 Exempt older vendor images from recent mls changes.
We no longer allow apps with mlstrustedsubject access to app_data_file
or privapp_data_file. For compatibility we grant access to all apps on
vendor images for SDK <= 30, whether mlstrustedsubject or not. (The
ones that are not already have access, but that is harmless.)

Additionally we have started adding categories to system_data_file
etc. We treat these older vendor apps as trusted for those types only.

The result is that apps on older vendor images still have all the
access they used to but no new access.

We add a neverallow to prevent the compatibility attribute being
abused.

Test: builds
Change-Id: I10a885b6a122292f1163961b4a3cf3ddcf6230ad
2020-11-17 17:30:10 +00:00
..
27.0.cil sepolicy: Remove offload HAL sepolicy rules 2020-05-08 11:17:12 +09:00
27.0.compat.cil Exempt older vendor images from recent mls changes. 2020-11-17 17:30:10 +00:00
27.0.ignore.cil Add ro.bootimage.* property contexts 2020-10-07 11:55:20 -07:00