device_google_wahoo/sepolicy/system_app.te
Jeff Vander Stoep b779833c27 Annotate core components that access vendor data types
A neverallow asserts that core domains may not access data types
specified in vendor policy. Some violations occurred due to policy
granted to both HALs and HAL clients. Some of these violations could
be fixed by modifying the policy such that if a HAL no longer runs in
passthrough mode, then only apply permissions to the HAL itself and
not to clients.

For domains that still violate the neverallow rule, grant a temporary
exemption with TODOs and bugs assigned for the remaining work.

Bug: 34980020
Test: Build and boot Muskie. Make phone call, watch youtube video.
      No new denials observed.

Change-Id: I27ec9cdd04d8f5d5524b5b0bcb8c88f9edcc72fb
2017-03-30 21:32:47 -07:00


r_dir_file(system_app, sysfs_msm_subsys)
unix_socket_connect(system_app, cnd, cnd)
userdebug_or_eng(`
# TODO(b/36734870): Remove this once system_app no longer directly
# accesses data owned by vendor components
typeattribute system_app vendordata_in_core_violators;
allow system_app ramdump_data_file:dir r_dir_perms;
allow system_app ramdump_data_file:file r_file_perms;
get_prop(system_app, ssr_prop)
')
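The exemption pattern above (an `allow` into vendor-owned data that is only tolerated because the domain also carries `vendordata_in_core_violators`) is normally caught by checkpolicy's `neverallow` at build time. As an added pre-check that is not part of this change or of AOSP, the script below scans a `.te` fragment for plain `allow` rules from core domains into an assumed set of vendor data types and reports the domains that lack the annotation; macro calls such as `r_dir_file()` are not expanded, and the vendor type set and the `other_app` domain are constructed for the example.

```python
import re

# Assumption for this example: the vendor data types of interest. In a real
# tree these come from the vendor sepolicy; only one such type is on this page.
VENDOR_DATA_TYPES = {"ramdump_data_file"}
EXEMPTION_ATTR = "vendordata_in_core_violators"

# Plain `allow` rules only; macro calls such as r_dir_file() are not expanded.
ALLOW_RE = re.compile(r"^\s*allow\s+(\w+)\s+(\w+)\s*:\s*\w+\s+", re.M)
ATTR_RE = re.compile(r"^\s*typeattribute\s+(\w+)\s+(\w+)\s*;", re.M)

def vendor_data_access(policy):
    """Map each source domain to the vendor data types it is allowed to touch."""
    hits = {}
    for domain, target in ALLOW_RE.findall(policy):
        if target in VENDOR_DATA_TYPES:
            hits.setdefault(domain, set()).add(target)
    return hits

def exempted_domains(policy):
    """Domains annotated with the temporary exemption attribute."""
    return {d for d, attr in ATTR_RE.findall(policy) if attr == EXEMPTION_ATTR}

def unannotated_violators(policy, core_domains):
    """Core domains reaching vendor data without the exemption (neverallow hits)."""
    exempt = exempted_domains(policy)
    return {d: types for d, types in vendor_data_access(policy).items()
            if d in core_domains and d not in exempt}

# The userdebug_or_eng block of system_app.te from this change.
SYSTEM_APP_TE = """\
userdebug_or_eng(`
# TODO(b/36734870): Remove this once system_app no longer directly
# accesses data owned by vendor components
typeattribute system_app vendordata_in_core_violators;
allow system_app ramdump_data_file:dir r_dir_perms;
allow system_app ramdump_data_file:file r_file_perms;
get_prop(system_app, ssr_prop)
')
"""

# Constructed sample: a core domain given the same access with no annotation.
CONSTRUCTED_TE = """\
allow other_app ramdump_data_file:dir r_dir_perms;
allow other_app ramdump_data_file:file r_file_perms;
"""

if __name__ == "__main__":
    print(unannotated_violators(SYSTEM_APP_TE, {"system_app"}))  # {}
    print(unannotated_violators(CONSTRUCTED_TE, {"other_app"}))
```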