tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/property.te
Stephen Smalley 54e9bc4514 Dependencies for new goldfish service domains. 
In order to support the new goldfish service domains in
a change with the same Change-Id for the build project, we need
the following changes in external/sepolicy:
- /system/bin/logcat needs its own type so that it can be used as an
entrypoint for the goldfish-logcat service.  A neverallow rule prevents
us from allowing entrypoint to any type not in exec_type.
- The config. and dalvik. property namespaces need to be labeled
with something other than default_prop so that the qemu-props
service can set them.  A neverallow rule prevents us from allowing
qemu-props to set default_prop.

We allow rx_file_perms to logcat_exec for any domain that
was previously allowed read_logd() as many programs will read
the logs by running logcat.  We do not do this for all domains
as it would violate a neverallow rule on the kernel domain executing
any file without transitioning to another domain, and as we ultimately
want to apply the same restriction to the init domain (and possibly others).

Change-Id: Idce1fb5ed9680af84788ae69a5ace684c6663974
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-09-27 17:19:39 -07:00

27 lines
945 B
Text
Raw Blame History

type default_prop, property_type;
type shell_prop, property_type;
type debug_prop, property_type;
type debuggerd_prop, property_type;
type dhcp_prop, property_type;
type radio_prop, property_type;
type net_radio_prop, property_type;
type system_radio_prop, property_type;
type system_prop, property_type;
type vold_prop, property_type;
type ctl_bootanim_prop, property_type;
type ctl_default_prop, property_type;
type ctl_dhcp_pan_prop, property_type;
type ctl_dumpstate_prop, property_type;
type ctl_fuse_prop, property_type;
type ctl_mdnsd_prop, property_type;
type ctl_rildaemon_prop, property_type;
type ctl_bugreport_prop, property_type;
type audio_prop, property_type;
type logd_prop, property_type;
type security_prop, property_type;
type bluetooth_prop, property_type;
type pan_result_prop, property_type;
type powerctl_prop, property_type;
type nfc_prop, property_type;
type dalvik_prop, property_type;
type config_prop, property_type;
Reference in a new issue View git blame Copy permalink