Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 83b54ecab73912a16d783f0d03c2aada378173a7
commit83b54ecab73912a16d783f0d03c2aada378173a7[log] [tgz]
authorRobert Craig <rpcraig@tycho.ncsc.mil>Tue Jul 01 13:53:11 2014 -0700
committerNick Kralevich <nnk@google.com>Tue Jul 01 13:53:11 2014 -0700
tree4aa55b8cf7b73510623f7a517b3873efdd9ff2a9
parentdb816cef0dd1f1988fbcf3c70a66f9c4acf73358 [diff]
Allow different SELinux policies for third party apps.

Prior support forced all third party apps
to be resolved against the default stanza
of the mac_permissions.xml file when assigning
seinfo labels. This meant that all third party
apps, in effect, were untrusted regardless of
cert and therefore received the same selinux domain.
This also had the unfortunate side effect of forcing
certain third party apps into the wrong domains
because of shared userid requests among apps.

This patch removes that restriction and instead
allows all apps, regardless of location, to be
matched against the full mac_permissions.xml
policy file. This then allows all apps signed
with known good certs to receive the same selinux
domains of other apps with whom they share trust.

Change-Id: Iba569c046135c0e81140faf6296c5da26a243037
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
1 file changed
tree: 4aa55b8cf7b73510623f7a517b3873efdd9ff2a9
  1. api/
  2. cmds/
  3. core/
  4. data/
  5. docs/
  6. drm/
  7. graphics/
  8. include/
  9. keystore/
  10. libs/
  11. location/
  12. media/
  13. native/
  14. nfc-extras/
  15. obex/
  16. opengl/
  17. packages/
  18. policy/
  19. rs/
  20. samples/
  21. sax/
  22. services/
  23. telephony/
  24. test-runner/
  25. tests/
  26. tools/
  27. wifi/
  28. Android.mk
  29. CleanSpec.mk
  30. MODULE_LICENSE_APACHE2
  31. NOTICE
  32. preloaded-classes