bluetooth.te · be66069765b019257ed3bf1ca1285e643360a998 · Werner Sembach / AndroidSystemSEPolicy

10 years ago

Remove -unconfineddomain from neverallow rules · be660697

Nick Kralevich authored 10 years ago

Many of the neverallow rules have -unconfineddomain. This was
intended to allow us to support permissive_or_unconfined(), and
ensure that all domains were enforcing at least a minimal set of
rules.

Now that all the app domains are in enforcing / confined, there's
no need to allow for these exceptions. Remove them.

Change-Id: Ieb29872dad415269f7fc2fe5be5a3d536d292d4f

be660697

History

Remove -unconfineddomain from neverallow rules

Nick Kralevich authored 10 years ago

Many of the neverallow rules have -unconfineddomain. This was
intended to allow us to support permissive_or_unconfined(), and
ensure that all domains were enforcing at least a minimal set of
rules.

Now that all the app domains are in enforcing / confined, there's
no need to allow for these exceptions. Remove them.

Change-Id: Ieb29872dad415269f7fc2fe5be5a3d536d292d4f