Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results

dhcp.te

Blame
    • Jeff Vander Stoep's avatar
      50563c03
      Ban core components from accessing vendor data types · 50563c03
      Jeff Vander Stoep authored 
      Vendor and system components are only allowed to share files by
passing open FDs over HIDL. Ban all directory access and all file
accesses other than what can be applied to an open FD such as
ioctl/stat/read/write/append.

This commit asserts that core components marked with attribute
coredomain may only access core data types marked with attribute
core_data_file_type.

A temporary exemption is granted to domains that currently rely on
access.

(cherry picked from commit cd97e710)

Bug: 34980020
Test: build Marlin policy
Change-Id: I2f0442f2628fbac1f2f7aa5ddf2a13e16b2546cc
      50563c03
      History
      Ban core components from accessing vendor data types
      Jeff Vander Stoep authored 
      Vendor and system components are only allowed to share files by
passing open FDs over HIDL. Ban all directory access and all file
accesses other than what can be applied to an open FD such as
ioctl/stat/read/write/append.

This commit asserts that core components marked with attribute
coredomain may only access core data types marked with attribute
core_data_file_type.

A temporary exemption is granted to domains that currently rely on
access.

(cherry picked from commit cd97e710)

Bug: 34980020
Test: build Marlin policy
Change-Id: I2f0442f2628fbac1f2f7aa5ddf2a13e16b2546cc