Skip to content
Snippets Groups Projects
Select Git revision
  • 6fa700c966f7626ae948341a51e5e8c1b9e40f2c
  • master default protected
  • android-7.1.2_r28_klist
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
41 results

system_server.te

Blame
    • Alex Klyubin's avatar
      2f6151ea
      Tighten restrictions on core <-> vendor socket comms · 2f6151ea
      Alex Klyubin authored 
      This futher restricts neverallows for sockets which may be exposed as
filesystem nodes. This is achieved by labelling all such sockets
created by core/non-vendor domains using the new coredomain_socket
attribute, and then adding neverallow rules targeting that attribute.

This has now effect on what domains are permitted to do. This only
changes neverallow rules.

Test: mmm system/sepolicy
Bug: 36577153

(cherry picked from commit cf2ffdf0)

Change-Id: Iffeee571a2ff61fb9515fa6849d060649636524e
      2f6151ea
      History
      Tighten restrictions on core <-> vendor socket comms
      Alex Klyubin authored 
      This futher restricts neverallows for sockets which may be exposed as
filesystem nodes. This is achieved by labelling all such sockets
created by core/non-vendor domains using the new coredomain_socket
attribute, and then adding neverallow rules targeting that attribute.

This has now effect on what domains are permitted to do. This only
changes neverallow rules.

Test: mmm system/sepolicy
Bug: 36577153

(cherry picked from commit cf2ffdf0)

Change-Id: Iffeee571a2ff61fb9515fa6849d060649636524e
    NOTICE 1.00 KiB 
    This configuration (sepolicy) is public domain, i.e. not copyrighted.

Warranty Exclusion
------------------
You agree that this software is a
non-commercially developed program that may contain "bugs" (as that
term is used in the industry) and that it may not function as intended.
The software is licensed "as is". NSA makes no, and hereby expressly
disclaims all, warranties, express, implied, statutory, or otherwise
with respect to the software, including noninfringement and the implied
warranties of merchantability and fitness for a particular purpose.

Limitation of Liability
-----------------------
In no event will NSA be liable for any damages, including loss of data,
lost profits, cost of cover, or other special, incidental,
consequential, direct or indirect damages arising from the software or
the use thereof, however caused and on any theory of liability. This
limitation will apply even if NSA has been advised of the possibility
of such damage. You acknowledge that this is a reasonable allocation of
risk.