Skip to content
Snippets Groups Projects
Select Git revision
  • 502e43f7d9f8ed2ccdd0c2d2c7aa2bc84d9c02e7
  • master default protected
  • android-7.1.2_r28_klist
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
41 results

AndroidSystemSEPolicy

  • Clone with SSH
  • Clone with HTTPS
  • user avatar
    Tri Vo authored
    Core domains should not be allowed access to kernel interfaces,
    which are not explicitly labeled. These interfaces include
    (but are not limited to):
    
    1. /proc
    2. /sys
    3. /dev
    4. debugfs
    5. tracefs
    6. inotifyfs
    7. pstorefs
    8. configfs
    9. functionfs
    10. usbfs
    11. binfmt_miscfs
    
    We keep a lists of exceptions to the rule, which we will be gradually shrinking.
    This will help us prevent accidental regressions in our efforts to label
    kernel interfaces.
    
    Bug: 68159582
    Test: bullhead, sailfish can build
    Change-Id: I8e466843e1856720f30964546c5c2c32989fa3a5
    502e43f7
    History
    Name Last commit Last update