4e416ea4caf023299c84f4a06f3db59dd9aa1967 - fp2-dev/platform/external/sepolicy

commit	4e416ea4caf023299c84f4a06f3db59dd9aa1967	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Wed Jan 08 09:34:31 2014 -0500
committer	Stephen Smalley <sds@tycho.nsa.gov>	Wed Jan 08 09:34:31 2014 -0500
tree	9dd216d0edbde0abce3c4079c75be9cd0174c439
parent	8b51674b2d2588c97ee6ddb976d6458ad33e2880 [diff]

Strip exec* permissions from unconfined domains.

This ensures that only domains that are explicitly allowed executable
memory permissions are granted them.

Unconfined domains retain full write + execute access to all file
types.  A further change could possibly restrict execute access to
a subset of file types, e.g. system_file + exec_type.

Change-Id: I842f5a2ac5921cc2bd0ab23a091eb808fdd89565
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

unconfined.te[diff]

1 file changed

tree: 9dd216d0edbde0abce3c4079c75be9cd0174c439

tools/
access_vectors
adbd.te
Android.mk
app.te
attributes
binderservicedomain.te
bluetooth.te
bootanim.te
clatd.te
debuggerd.te
device.te
dhcp.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
file.te
file_contexts
fs_use
genfs_contexts
global_macros
gpsd.te
hci_attach.te
healthd.te
hostapd.te
init.te
init_shell.te
initial_sid_contexts
initial_sids
inputflinger.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
lmkd.te
mac_permissions.xml
media_app.te
mediaserver.te
mls
mls_macros
mtp.te
net.te
netd.te
nfc.te
NOTICE
platform_app.te
policy_capabilities
port_contexts
ppp.te
property.te
property_contexts
qemud.te
racoon.te
radio.te
README
release_app.te
rild.te
roles
runas.te
sdcardd.te
seapp_contexts
security_classes
selinux-network.sh
servicemanager.te
shared_app.te
shell.te
shell_user.te
shelldomain.te
su.te
su_user.te
surfaceflinger.te
system_app.te
system_server.te
te_macros
tee.te
ueventd.te
unconfined.te
untrusted_app.te
users
vold.te
watchdogd.te
wpa_supplicant.te
zygote.te