6b558dcbea4b85b9cba1415a974e9941a22f7be7 |
|
24-Mar-2017 |
Alex Klyubin <klyubin@google.com> |
su and perfprofd are coredomain too

This is a follow-up to f5446eb1486816c00136b2b5f0a3cc4a01706000 where I forgot to associate su and perfprofd domains with coredomain.

Test: mmm system/sepolicy
      sepolicy-analyze $OUT/root/sepolicy attribute coredomain
Bug: 35870313
Change-Id: I13f90693843f7c6fe9fea8e5332aa6dd9558478a
/system/sepolicy/private/su.te
|
41f93db9dec4b6810cebf1436b5f98ff8934802a |
|
21-Nov-2016 |
Joe Onorato <joeo@google.com> |
Add incident command and incidentd daemon se policy.

Test: adb shell incident
Bug: 31122534
Change-Id: I4ac9c9ab86867f09b63550707673149fe60f1906
/system/sepolicy/private/su.te
|
3e8dbf01ef3a5e2c53a27ab6b068d22c1a8fe02f |
|
08-Dec-2016 |
dcashman <dcashman@google.com> |
Restore app_domain macro and move to private use.

app_domain was split up in commit: 2e00e6373faa6271d7839d33c5b9e69d998ff020 to enable compilation by hiding type_transition rules from public policy. These rules need to be hidden from public policy because they describe how objects are labeled, of which non-platform should be unaware. Instead of cutting apart the app_domain macro, which non-platform policy may rely on for implementing new app types, move all app_domain calls to private policy.

(cherry-pick of commit: 76035ea01971156895cf0d8efc1876bfa2025bd6)

Bug: 33428593
Test: bullhead and sailfish both boot. sediff shows no policy change.
Change-Id: I4beead8ccc9b6e13c6348da98bb575756f539665
/system/sepolicy/private/su.te
|
2e00e6373faa6271d7839d33c5b9e69d998ff020 |
|
12-Oct-2016 |
dcashman <dcashman@google.com> |
sepolicy: add version_policy tool and version non-platform policy.

In order to support platform changes without simultaneous updates from non-platform components, the platform and non-platform policies must be split. In order to provide a guarantee that policy written for non-platform objects continues to provide the same access, all types exposed to non-platform policy are versioned by converting them and the policy using them into attributes. This change performs that split, the subsequent versioning and also generates a mapping file to glue the different policy components together.

Test: Device boots and runs.
Bug: 31369363
Change-Id: Ibfd3eb077bd9b8e2ff3b2e6a0ca87e44d78b1317
/system/sepolicy/private/su.te
|
cc39f637734a8d84bc861b649bfd109290c06401 |
|
22-Jul-2016 |
dcashman <dcashman@google.com> |
Split general policy into public and private components.

Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public.

Test: Tested by building policy and running on device.
Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
/system/sepolicy/private/su.te
|