Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Blame Permalink
  • Stephen Smalley's avatar
    ca0759b1
    Restore netdomain allow rules. · ca0759b1
    Stephen Smalley authored 
    
Change I4be1c987a5d69ac784a56d42fc2c9063c402de11 removed all
netdomain allow rules at the same time domains were made unconfined.
Prior to that change, any domain that used the net_domain() macro
would be granted permissions required to use the network via these rules.
The change made the netdomain attribute unused in any rules, thereby
rendering the net_domain() calls pointless and requiring the allow
rules to be duplicated for any domain requiring network access. There
are two ways to resolve this inconsistency:
1.  Restore the netdomain rules as in this change.  In that case,
some rules in app.te can be removed as they are redundant with these rules.
-or-
2.  Completely remove the netdomain attribute, the net_domain() macro,
and all calls to it.  In that case, each domain that requires network
access will need to duplicate these rules or the necessary subset in order
to function.

Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>

Change-Id: Ia54f0cd0bbda5c510423b1046626bd50f79ed7b6
    ca0759b1
    History
    Restore netdomain allow rules.
    Stephen Smalley authored 
    
Change I4be1c987a5d69ac784a56d42fc2c9063c402de11 removed all
netdomain allow rules at the same time domains were made unconfined.
Prior to that change, any domain that used the net_domain() macro
would be granted permissions required to use the network via these rules.
The change made the netdomain attribute unused in any rules, thereby
rendering the net_domain() calls pointless and requiring the allow
rules to be duplicated for any domain requiring network access. There
are two ways to resolve this inconsistency:
1.  Restore the netdomain rules as in this change.  In that case,
some rules in app.te can be removed as they are redundant with these rules.
-or-
2.  Completely remove the netdomain attribute, the net_domain() macro,
and all calls to it.  In that case, each domain that requires network
access will need to duplicate these rules or the necessary subset in order
to function.

Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>

Change-Id: Ia54f0cd0bbda5c510423b1046626bd50f79ed7b6