-
- Downloads
untrusted_app: policy versioning based on targetSdkVersion
Motivation: Provide the ability to phase in new security policies by applying them to apps with a minimum targetSdkVersion. Place untrusted apps with targetSdkVersion<=25 into the untrustd_app_25 domain. Apps with targetSdkVersion>=26 are placed into the untrusted_app domain. Common rules are included in the untrusted_app_all attribute. Apps with a more recent targetSdkVersion are granted fewer permissions. Test: Marlin builds and boots. Apps targeting targetSdkVersion<=25 run in untrusted_app_25 domain. Apps targeting the current development build >=26 run in the untrusted_app domain with fewer permissions. No new denials observed during testing. Bug: 34115651 Bug: 35323421 Change-Id: Ie6a015566fac07c44ea06c963c40793fcdc9a083
Showing
- private/app_neverallows.te 27 additions, 20 deletionsprivate/app_neverallows.te
- private/seapp_contexts 2 additions, 1 deletionprivate/seapp_contexts
- private/untrusted_app.te 1 addition, 88 deletionsprivate/untrusted_app.te
- private/untrusted_app_25.te 29 additions, 0 deletionsprivate/untrusted_app_25.te
- private/untrusted_app_all.te 102 additions, 0 deletionsprivate/untrusted_app_all.te
- public/attributes 3 additions, 0 deletionspublic/attributes
- public/domain.te 1 addition, 1 deletionpublic/domain.te
- public/te_macros 7 additions, 0 deletionspublic/te_macros
- public/untrusted_app_25.te 20 additions, 0 deletionspublic/untrusted_app_25.te
Loading
Please register or sign in to comment