public · 6a28b68d5479bb51035fb878f9bb3e7019d65180 · Werner Sembach / AndroidSystemSEPolicy

Jeff Vander Stoep authored 7 years ago

Commit 7688161c "hal_*_(client|server) => hal(client|server)domain"
added neverallow rules on hal_*_client attributes while simultaneously
expanding these attribute which causes them to fail CTS neverallow
tests. Remove these neverallow rules as they do not impose specific
security properties that we want to enforce.

Modify Other neverallow failures which were imposed on hal_foo
attributes and should have been enforced on hal_foo_server attributes
instead.

Bug: 69566734
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest

    CtsSecurityHostTestCases completed in 7s. 627 passed, 1 failed
    remaining failure appears to be caused by b/68133473
Test: build taimen-user/userdebug

Change-Id: I619e71529e078235ed30dc06c60e6e448310fdbc

6a28b68d

History

6a28b68d 7 years ago

History

Name	Last commit	Last update
..
adbd.te
asan_extract.te
attributes
audioserver.te
blkid.te
blkid_untrusted.te
bluetooth.te
bootanim.te
bootstat.te
bufferhubd.te
cameraserver.te
charger.te
clatd.te
cppreopts.te
crash_dump.te
device.te
dex2oat.te
dhcp.te
display_service_server.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
e2fs.te
ephemeral_app.te
file.te
fingerprintd.te
fsck.te
fsck_untrusted.te
gatekeeperd.te
global_macros
hal_allocator.te
hal_audio.te
hal_bluetooth.te
hal_bootctl.te
hal_broadcastradio.te
hal_camera.te
hal_cas.te
hal_configstore.te
hal_contexthub.te
hal_drm.te
hal_dumpstate.te
hal_fingerprint.te
hal_gatekeeper.te
hal_gnss.te
hal_graphics_allocator.te
hal_graphics_composer.te
hal_health.te
hal_ir.te
hal_keymaster.te
hal_light.te
hal_lowpan.te
hal_memtrack.te
hal_neuralnetworks.te
hal_neverallows.te
hal_nfc.te
hal_oemlock.te
hal_power.te
hal_sensors.te
hal_telephony.te
hal_tetheroffload.te
hal_thermal.te
hal_tv_cec.te
hal_tv_input.te
hal_usb.te
hal_vibrator.te
hal_vr.te
hal_weaver.te
hal_wifi.te
hal_wifi_offload.te
hal_wifi_supplicant.te
healthd.te
hwservice.te
hwservicemanager.te
idmap.te
incident.te
incidentd.te
init.te
inputflinger.te
install_recovery.te
installd.te
ioctl_defines
ioctl_macros
isolated_app.te
kernel.te
keystore.te
lmkd.te
logd.te
logpersist.te
mdnsd.te
mediacodec.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaprovider.te
mediaserver.te
modprobe.te
mtp.te
net.te
netd.te