    Split general policy into public and private components. · cc39f637
    dcashman authored
    Divide policy into public and private components.  This is the first
    step in splitting the policy creation for platform and non-platform
    policies.  The policy in the public directory will be exported for use
    in non-platform policy creation.  Backwards compatibility with it will
    be achieved by converting the exported policy into attribute-based
    policy when included as part of the non-platform policy and a mapping
    file will be maintained to be included with the platform policy that
    maps exported attributes of previous versions to the current platform
    version.
    
    Eventually we would like to create a clear interface between the
    platform and non-platform device components so that the exported policy,
    and the need for attributes is minimal.  For now, almost all types and
    avrules are left in public.
    
    Test: Tested by building policy and running on device.
    
    Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
runas.te 1006 B
type runas, domain, domain_deprecated, mlstrustedsubject;
type runas_exec, exec_type, file_type;

allow runas adbd:process sigchld;
allow runas shell:fd use;
allow runas shell:fifo_file { read write };
allow runas devpts:chr_file { read write ioctl };
allow runas shell_data_file:file { read write };

# run-as reads package information.
allow runas system_data_file:file r_file_perms;

# run-as checks and changes to the app data dir.
dontaudit runas self:capability dac_override;
allow runas app_data_file:dir { getattr search };

# run-as switches to the app UID/GID.
allow runas self:capability { setuid setgid };

# run-as switches to the app security context.
selinux_check_context(runas) # validate context
allow runas self:process setcurrent;
allow runas non_system_app_set:process dyntransition; # setcon

###
### neverallow rules
###

# run-as cannot have capabilities other than CAP_SETUID and CAP_SETGID
neverallow runas self:capability ~{ setuid setgid };
neverallow runas self:capability2 *;
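
The neverallow rules above are assertions that the policy compiler checks against the allow rules at build time. As an added example (not part of the original file or of the AOSP build tooling), this Python checker evaluates the file's four capability rules by exact name match, with no attribute expansion. The permission lists in `CLASS_PERMS` are a constructed subset, and the `parse` and `violations` helpers are hypothetical names.

```python
import re

# Constructed subsets of the real permission sets for these two classes.
CLASS_PERMS = {
    "capability": {"chown", "dac_override", "dac_read_search", "setgid",
                   "setuid", "sys_admin", "sys_ptrace"},
    "capability2": {"mac_override", "mac_admin", "syslog", "block_suspend"},
}
RULE = re.compile(r"^(allow|dontaudit|neverallow)\s+(\S+)\s+(\S+):(\S+)\s+"
                  r"(~?)(\{[^}]*\}|[^;\s]+)\s*;")

# The capability rules from runas.te above.
RUNAS_TE = """\
dontaudit runas self:capability dac_override;
allow runas self:capability { setuid setgid };
neverallow runas self:capability ~{ setuid setgid };
neverallow runas self:capability2 *;
"""

def parse(policy):
    """Yield (kind, source, target, class, perms) for each simple AV rule."""
    for line in policy.splitlines():
        m = RULE.match(line.split("#")[0].strip())
        if not m:
            continue
        kind, src, tgt, cls, neg, body = m.groups()
        universe = CLASS_PERMS.get(cls, set())
        perms = set(body.strip("{}").split())
        if perms == {"*"}:          # wildcard: every permission in the class
            perms = set(universe)
        if neg:                     # ~{...}: everything except the listed set
            perms = universe - perms
        yield kind, src, tgt, cls, perms

def violations(policy):
    """Return (class, perms) for every allow that overlaps a neverallow."""
    rules = list(parse(policy))
    found = []
    for kind, src, tgt, cls, denied in rules:
        if kind != "neverallow":
            continue
        for k2, s2, t2, c2, granted in rules:
            if k2 == "allow" and (s2, t2, c2) == (src, tgt, cls) and granted & denied:
                found.append((cls, sorted(granted & denied)))
    return found

if __name__ == "__main__":
    print(violations(RUNAS_TE))                                # policy as written
    print(violations(RUNAS_TE.replace("dontaudit", "allow")))  # dac_override granted
```

The `dontaudit` rule only suppresses denial logging and grants nothing, so the policy as written passes; rewriting it as an `allow` for `dac_override` is reported as a violation of the first neverallow.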