| 6b558dcbea4b85b9cba1415a974e9941a22f7be7 |
|
24-Mar-2017 |
Alex Klyubin <klyubin@google.com> |
su and perfprofd are coredomain too
This is a follow-up to f5446eb1486816c00136b2b5f0a3cc4a01706000 where
I forgot to associate su and perfprofd domains with coredomain.
Test: mmm system/sepolicy
sepolicy-analyze $OUT/root/sepolicy attribute coredomain
Bug: 35870313
Change-Id: I13f90693843f7c6fe9fea8e5332aa6dd9558478a
/system/sepolicy/private/su.te
|
| 41f93db9dec4b6810cebf1436b5f98ff8934802a |
|
21-Nov-2016 |
Joe Onorato <joeo@google.com> |
Add incident command and incidentd daemon se policy.
Test: adb shell incident
Bug: 31122534
Change-Id: I4ac9c9ab86867f09b63550707673149fe60f1906
/system/sepolicy/private/su.te
|
| 3e8dbf01ef3a5e2c53a27ab6b068d22c1a8fe02f |
|
08-Dec-2016 |
dcashman <dcashman@google.com> |
Restore app_domain macro and move to private use.
app_domain was split up in commit: 2e00e6373faa6271d7839d33c5b9e69d998ff020 to
enable compilation by hiding type_transition rules from public policy. These
rules need to be hidden from public policy because they describe how objects are
labeled, of which non-platform should be unaware. Instead of cutting apart the
app_domain macro, which non-platform policy may rely on for implementing new app
types, move all app_domain calls to private policy.
(cherry-pick of commit: 76035ea01971156895cf0d8efc1876bfa2025bd6)
Bug: 33428593
Test: bullhead and sailfish both boot. sediff shows no policy change.
Change-Id: I4beead8ccc9b6e13c6348da98bb575756f539665
/system/sepolicy/private/su.te
|
| 2e00e6373faa6271d7839d33c5b9e69d998ff020 |
|
12-Oct-2016 |
dcashman <dcashman@google.com> |
sepolicy: add version_policy tool and version non-platform policy.
In order to support platform changes without simultaneous updates from
non-platform components, the platform and non-platform policies must be
split. In order to provide a guarantee that policy written for
non-platform objects continues to provide the same access, all types
exposed to non-platform policy are versioned by converting them and the
policy using them into attributes.
This change performs that split, the subsequent versioning and also
generates a mapping file to glue the different policy components
together.
Test: Device boots and runs.
Bug: 31369363
Change-Id: Ibfd3eb077bd9b8e2ff3b2e6a0ca87e44d78b1317
/system/sepolicy/private/su.te
|
| cc39f637734a8d84bc861b649bfd109290c06401 |
|
22-Jul-2016 |
dcashman <dcashman@google.com> |
Split general policy into public and private components.
Divide policy into public and private components. This is the first
step in splitting the policy creation for platform and non-platform
policies. The policy in the public directory will be exported for use
in non-platform policy creation. Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.
Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal. For now, almost all types and
avrules are left in public.
Test: Tested by building policy and running on device.
Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
/system/sepolicy/private/su.te
|