Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 49c73b06a21f8cd41b37dc6fb79160ef5969c360
commit49c73b06a21f8cd41b37dc6fb79160ef5969c360[log] [tgz]
authorMaciej Żenczykowski <maze@google.com>Thu Jan 30 22:08:43 2020 -0800
committerMaciej Żenczykowski <maze@google.com>Sat Feb 22 02:14:58 2020 +0000
tree68e185ff6405e928a3ff8e549e7f264948288d72
parent281afd81faa789a80227d050d14ddeaa2c6e6956 [diff]
cut down bpf related privileges

This is driven by 3 things:
  - netd no longer needs setattr, since this is now done by bpfloader
  - nothing should ever unpin maps or programs
  - generic cleanups and additional neverallows

Test: build, atest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I881cc8bf9fe062aaff709727406c5a51fc363c8e
2 files changed
tree: 68e185ff6405e928a3ff8e549e7f264948288d72
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. MODULE_LICENSE_PUBLIC_DOMAIN
  19. NOTICE
  20. OWNERS
  21. policy_version.mk
  22. PREUPLOAD.cfg
  23. README
  24. seapp_contexts.mk
  25. TEST_MAPPING
  26. treble_sepolicy_tests_for_release.mk