Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / 853ffaad323b3e5db14d3f2e4fbe7fa96160ede4
commit853ffaad323b3e5db14d3f2e4fbe7fa96160ede4[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Thu Mar 06 13:02:50 2014 -0500
committerNick Kralevich <nnk@google.com>Mon Mar 10 20:41:34 2014 +0000
tree81b3ef14627d8b6491385ff4217e68dce14c012c
parent3696da6e1491926b0da9010464aa3574af91c3fe [diff]
Deduplicate neverallow rules on selinuxfs operations.

We already have neverallow rules for all domains about
loading policy, setting enforcing mode, and setting
checkreqprot, so we can drop redundant ones from netd and appdomain.
Add neverallow rules to domain.te for setbool and setsecparam
and exclude them from unconfined to allow fully eliminating
separate neverallow rules on the :security class from anything
other than domain.te.

Change-Id: I0122e23ccb2b243f4c5376893e0c894f01f548fc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
4 files changed
tree: 81b3ef14627d8b6491385ff4217e68dce14c012c
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. bluetooth.te
  9. bootanim.te
  10. clatd.te
  11. debuggerd.te
  12. device.te
  13. dhcp.te
  14. dnsmasq.te
  15. domain.te
  16. drmserver.te
  17. dumpstate.te
  18. file.te
  19. file_contexts
  20. fs_use
  21. genfs_contexts
  22. global_macros
  23. gpsd.te
  24. hci_attach.te
  25. healthd.te
  26. hostapd.te
  27. init.te
  28. init_shell.te
  29. initial_sid_contexts
  30. initial_sids
  31. inputflinger.te
  32. installd.te
  33. isolated_app.te
  34. kernel.te
  35. keys.conf
  36. keystore.te
  37. lmkd.te
  38. logd.te
  39. mac_permissions.xml
  40. mdnsd.te
  41. media_app.te
  42. mediaserver.te
  43. mls
  44. mls_macros
  45. mtp.te
  46. net.te
  47. netd.te
  48. nfc.te
  49. NOTICE
  50. platform_app.te
  51. platformappdomain.te
  52. policy_capabilities
  53. port_contexts
  54. ppp.te
  55. property.te
  56. property_contexts
  57. racoon.te
  58. radio.te
  59. README
  60. recovery.te
  61. release_app.te
  62. rild.te
  63. roles
  64. runas.te
  65. sdcardd.te
  66. seapp_contexts
  67. security_classes
  68. selinux-network.sh
  69. servicemanager.te
  70. shared_app.te
  71. shell.te
  72. shelldomain.te
  73. su.te
  74. surfaceflinger.te
  75. system_app.te
  76. system_server.te
  77. te_macros
  78. tee.te
  79. ueventd.te
  80. unconfined.te
  81. uncrypt.te
  82. untrusted_app.te
  83. users
  84. vold.te
  85. watchdogd.te
  86. wpa.te
  87. zygote.te