Support forcing permissive domains to unconfined.
Permissive domains are only intended for development. When a device launches, we want to ensure that all permissive domains are in, at a minimum, unconfined+enforcing. Add FORCE_PERMISSIVE_TO_UNCONFINED to Android.mk. During development, this flag is false, and permissive domains are allowed. When SELinux new feature development has been frozen immediately before release, this flag will be flipped to true. Any previously permissive domains will move into unconfined+enforcing. This will ensure that all SELinux domains have at least a minimal level of protection. Unconditionally enable this flag for all user builds. Change-Id: I1632f0da0022c80170d8eb57c82499ac13fd7858
Showing
- Android.mk 20 additions, 1 deletionAndroid.mk
- bluetooth.te 2 additions, 2 deletionsbluetooth.te
- dhcp.te 1 addition, 1 deletiondhcp.te
- drmserver.te 1 addition, 1 deletiondrmserver.te
- dumpstate.te 1 addition, 1 deletiondumpstate.te
- hci_attach.te 1 addition, 1 deletionhci_attach.te
- hostapd.te 1 addition, 1 deletionhostapd.te
- mediaserver.te 1 addition, 1 deletionmediaserver.te
- platform_app.te 1 addition, 1 deletionplatform_app.te
- release_app.te 1 addition, 1 deletionrelease_app.te
- rild.te 1 addition, 1 deletionrild.te
- sdcardd.te 1 addition, 1 deletionsdcardd.te
- shared_app.te 1 addition, 1 deletionshared_app.te
- surfaceflinger.te 1 addition, 1 deletionsurfaceflinger.te
- system_app.te 1 addition, 1 deletionsystem_app.te
- system_server.te 1 addition, 1 deletionsystem_server.te
- te_macros 11 additions, 0 deletionste_macros
- untrusted_app.te 1 addition, 1 deletionuntrusted_app.te
- wpa_supplicant.te 1 addition, 1 deletionwpa_supplicant.te
Loading
Please register or sign in to comment