df48bd2ca88a94225fbc074d7fe5b542c3d490c8 - fp2-dev/platform/external/sepolicy

commit	df48bd2ca88a94225fbc074d7fe5b542c3d490c8	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Wed May 14 08:58:06 2014 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Wed May 14 08:58:06 2014 -0400
tree	376064e4936affe5ec48300734b93bbea1496c72
parent	f78fb4e0c8ae49bb73e691a37de00f2d5b66f9e1 [diff]

Remove zygote write access to system_data_file.

These rules seem to be a legacy of old Android or perhaps old policy
before we began splitting types on /data.  I have not been able to
trigger the auditallow rules on AOSP master.  Reduce the rules to
only read access to system data.  If we need write access to some
specific directory under /data, we should introduce a type for it.

Change-Id: I780835950cc366c97b7d0901fc73527d9ea479b1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

zygote.te[diff]

1 file changed

tree: 376064e4936affe5ec48300734b93bbea1496c72

tools/
access_vectors
adbd.te
Android.mk
app.te
attributes
binderservicedomain.te
bluetooth.te
bootanim.te
clatd.te
debuggerd.te
device.te
dhcp.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
file.te
file_contexts
fs_use
genfs_contexts
global_macros
gpsd.te
hci_attach.te
healthd.te
hostapd.te
init.te
init_shell.te
initial_sid_contexts
initial_sids
inputflinger.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
lmkd.te
logd.te
mac_permissions.xml
mdnsd.te
mediaserver.te
mls
mls_macros
mtp.te
net.te
netd.te
nfc.te
NOTICE
platform_app.te
policy_capabilities
port_contexts
ppp.te
property.te
property_contexts
racoon.te
radio.te
README
recovery.te
rild.te
roles
runas.te
sdcardd.te
seapp_contexts
security_classes
selinux-network.sh
servicemanager.te
shell.te
shelldomain.te
su.te
surfaceflinger.te
system_app.te
system_server.te
te_macros
tee.te
ueventd.te
unconfined.te
uncrypt.te
untrusted_app.te
users
vold.te
watchdogd.te
wpa.te
zygote.te