public · 3e307a4de570a64437e3071ae398ed291ba82098 · Werner Sembach / AndroidSystemSEPolicy

Remove neverallow preventing hwservice access for apps.

Dan Cashman authored 7 years ago

Same-process HALs are forbidden except for very specific HALs that have
been provided and whitelisted by AOSP.  As a result, a vendor extension
HAL may have a need to be accessed by untrusted_app.  This is still
discouraged, and the existing AOSP hwservices are still forbidden, but
remove the blanket prohibition.  Also indicate that this is temporary,
and that partners should expect to get exceptions to the rule into AOSP
in the future.

Bug: 62806062
Test: neverallow-only change builds.  Verify new attribute is in policy.
Change-Id: I6d3e659147d509a3503c2c9e0b6bb9016cc75832

3e307a4d

History

3e307a4d 7 years ago

History

Name	Last commit	Last update
..
adbd.te
asan_extract.te
attributes
audioserver.te
blkid.te
blkid_untrusted.te
bluetooth.te
bootanim.te
bootstat.te
bufferhubd.te
cameraserver.te
charger.te
clatd.te
cppreopts.te
crash_dump.te
device.te
dex2oat.te
dhcp.te
display_service_server.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
ephemeral_app.te
file.te
fingerprintd.te
fsck.te
fsck_untrusted.te
gatekeeperd.te
global_macros
hal_allocator.te
hal_audio.te
hal_bluetooth.te
hal_bootctl.te
hal_camera.te
hal_configstore.te
hal_contexthub.te
hal_drm.te
hal_dumpstate.te
hal_fingerprint.te
hal_gatekeeper.te
hal_gnss.te
hal_graphics_allocator.te
hal_graphics_composer.te
hal_health.te
hal_ir.te
hal_keymaster.te
hal_light.te
hal_memtrack.te
hal_neverallows.te
hal_nfc.te
hal_oemlock.te
hal_power.te
hal_sensors.te
hal_telephony.te
hal_tetheroffload.te
hal_thermal.te
hal_tv_cec.te
hal_tv_input.te
hal_usb.te
hal_vibrator.te
hal_vr.te
hal_weaver.te
hal_wifi.te
hal_wifi_offload.te
hal_wifi_supplicant.te
healthd.te
hwservice.te
hwservicemanager.te
idmap.te
incident.te
incidentd.te
init.te
inputflinger.te
install_recovery.te
installd.te
ioctl_defines
ioctl_macros
isolated_app.te
kernel.te
keystore.te
lmkd.te
logd.te
logpersist.te
mdnsd.te
mediacodec.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaserver.te
modprobe.te
mtp.te
net.te
netd.te
netutils_wrapper.te
neverallow_macros
nfc.te
otapreopt_chroot.te
otapreopt_slot.te
performanced.te