platform_system_sepolicy/prebuilts/api
Thiébaud Weksteen c1b65e5d53 Grant lockdown integrity to all processes
The default policy for the "lockdown" access vector on Android was
introduced in commit bcfca1a6. While the "confidentiality" permission
was granted to all processes, the "integrity" was marked as
neverallowed.

Upstream, the support for that access vector was removed from kernel
5.16 onwards.

It was found that the "integrity" permission either does not apply to
Android or duplicates other access control (e.g., capabilities
sys_admin).

Instead of simply removing the neverallow rule, the access is granted to
all processes. This will prevent the proliferation of references to this
access vector in vendors' policies and ultimately facilitate its
removal.

Test: presubmit
Bug: 285443587
Bug: 269377822
Bug: 319390252
Change-Id: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
(cherry picked from commit 99a4cbcee7)
Merged-In: If2ad34fbbf2c0d29ac54ab5d1be430623f86f1f7
2024-02-28 18:10:29 -08:00
29.0 Remove 28.0 compat support 2023-04-03 15:17:03 +09:00
30.0 Remove 28.0 compat support 2023-04-03 15:17:03 +09:00
31.0 Allow for server-side configuration of libstagefright 2023-12-11 23:02:32 +00:00
32.0 Allow for server-side configuration of libstagefright 2023-12-11 23:02:32 +00:00
33.0 Grant lockdown integrity to all processes 2024-02-28 18:10:29 -08:00
34.0 Grant lockdown integrity to all processes 2024-02-28 18:10:29 -08:00