Commit b827155c authored by Sandeep Patil's avatar Sandeep Patil Committed by android-build-merger

Add label for kernel test files and executables am: 34e35e9e am: bf01e8e1

am: d044177a

Change-Id: I2c84e9a6252e5cb2c85ec1e50f9e2583f3fb9027
parents b2a679f9 d044177a
......@@ -363,6 +363,7 @@
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
/data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
/data/local/tmp/ltp(/.*)? u:object_r:nativetest_data_file:s0
/data/local/traces(/.*)? u:object_r:trace_data_file:s0
/data/media(/.*)? u:object_r:media_rw_data_file:s0
/data/mediadrm(/.*)? u:object_r:media_data_file:s0
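Review bot: The new `/data/local/tmp/ltp(/.*)?` entry sits under a directory labelled `shell_data_file` and has no comment saying what it is for or what it depends on. The label presumably relies on this more specific pattern taking precedence over `/data/local/tmp(/.*)?` on the line before it. Newly created files normally inherit the parent directory's type, so the label would only apply after a relabel (to be confirmed against the test setup). A comment such as `# LTP kernel test files and executables (b/73220071); keep after the /data/local/tmp entry` would record both points.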
......
......@@ -452,6 +452,9 @@ neverallow {
-apk_data_file
}:file no_x_file_perms;
# The test files and executables MUST not be accessible to any domain
neverallow domain nativetest_data_file:file_class_set no_w_file_perms;
neverallow domain nativetest_data_file:dir no_w_dir_perms;
neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
# Only the init property service should write to /data/property and /dev/__properties__
......@@ -1182,7 +1185,6 @@ neverallow {
userdebug_or_eng(`-uncrypt')
} shell_data_file:file open;
# servicemanager and vndservicemanager are the only processes which handle the
# service_manager list request
neverallow * ~{
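Review bot: The comment above the three new neverallow rules in the first hunk says the test files "MUST not be accessible to any domain", but the rules are narrower than that. They forbid only the permissions in `no_w_file_perms` and `no_w_dir_perms` for every domain, and those in `no_x_file_perms` for every domain except `shell` on userdebug/eng builds; read access is not restricted here. A comment that matches the rules would be `# No domain may modify nativetest_data_file; only shell on userdebug/eng builds may execute it.` The execute rule also names only the `file` class while the write rule uses `file_class_set`, which deserves a word in the comment if it is intentional.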
......
......@@ -138,6 +138,7 @@ allow init {
-app_data_file
-exec_type
-misc_logd_file
-nativetest_data_file
-system_app_data_file
-system_file
-vendor_file_type
......@@ -149,6 +150,7 @@ allow init {
-exec_type
-keystore_data_file
-misc_logd_file
-nativetest_data_file
-shell_data_file
-system_app_data_file
-system_file
......@@ -163,6 +165,7 @@ allow init {
-exec_type
-keystore_data_file
-misc_logd_file
-nativetest_data_file
-shell_data_file
-system_app_data_file
-system_file
......@@ -176,6 +179,7 @@ allow init {
-exec_type
-keystore_data_file
-misc_logd_file
-nativetest_data_file
-shell_data_file
-system_app_data_file
-system_file
......@@ -189,6 +193,7 @@ allow init {
-exec_type
-keystore_data_file
-misc_logd_file
-nativetest_data_file
-shell_data_file
-system_app_data_file
-system_file
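Review bot: None of the five `-nativetest_data_file` exclusions carries a comment, so a reader of these `allow init` sets cannot tell that the type is excluded to satisfy the neverallow rules this commit adds for it. One line before the first set would cover all five hunks, for example `# nativetest_data_file is excluded: writes to it are neverallowed for every domain, init included`. The enclosing allow statements start and end outside the hunks, so the classes and permissions being withheld are not visible here. It is worth confirming that none of them is a permission init needs in order to apply the new label under /data.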
......
......@@ -66,6 +66,7 @@ allow kernel app_data_file:file read;
allow kernel asec_image_file:file read;
# Allow reading loop device in update_engine_unittests. (b/28319454)
# and for LTP kernel tests (b/73220071)
userdebug_or_eng(`
allow kernel update_engine_data_file:file read;
allow kernel nativetest_data_file:file read;
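Review bot: The comment above the new `allow kernel nativetest_data_file:file read;` rule ends one sentence with a full stop and then resumes with "and for LTP kernel tests". It also does not say that the grant is confined to userdebug/eng builds. One line would read more clearly: `# userdebug/eng only: allow reading loop device in update_engine_unittests (b/28319454) and LTP kernel tests (b/73220071).` The `userdebug_or_eng(` block closes outside the hunk.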
......