Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 3e113edf0225bbe54a0f98353dd22de855ee2657
commit3e113edf0225bbe54a0f98353dd22de855ee2657[log] [tgz]
authorNick Kralevich <nnk@google.com>Mon Mar 02 20:10:48 2015 -0800
committerNick Kralevich <nnk@google.com>Mon Mar 02 20:10:48 2015 -0800
tree7ce1576eaedb9592e8f26383eba9e417448bf4b6
parent19eecd2dd7bd0f542e8ac7ed6ea576dc397f6639 [diff]
neverallow ueventd to set properties

Add a compile time assertion that no SELinux rules exist which
allow ueventd to set properties, or even connect to the property
socket.

See https://android-review.googlesource.com/#/c/133120/6/init/devices.cpp@941
for details.

Change-Id: Ia9e932a3d94443d70644b14f36c74df4be7e9e32
1 file changed
tree: 7ce1576eaedb9592e8f26383eba9e417448bf4b6
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. bluetooth.te
  9. bootanim.te
  10. clatd.te
  11. debuggerd.te
  12. device.te
  13. dex2oat.te
  14. dhcp.te
  15. dnsmasq.te
  16. domain.te
  17. drmserver.te
  18. dumpstate.te
  19. file.te
  20. file_contexts
  21. fs_use
  22. fsck.te
  23. genfs_contexts
  24. global_macros
  25. gpsd.te
  26. hci_attach.te
  27. healthd.te
  28. hostapd.te
  29. init.te
  30. initial_sid_contexts
  31. initial_sids
  32. inputflinger.te
  33. install_recovery.te
  34. installd.te
  35. isolated_app.te
  36. kernel.te
  37. keys.conf
  38. keystore.te
  39. lmkd.te
  40. logd.te
  41. mac_permissions.xml
  42. mdnsd.te
  43. mediaserver.te
  44. mls
  45. mls_macros
  46. mtp.te
  47. net.te
  48. netd.te
  49. neverallow_macros
  50. nfc.te
  51. NOTICE
  52. platform_app.te
  53. policy_capabilities
  54. port_contexts
  55. ppp.te
  56. property.te
  57. property_contexts
  58. racoon.te
  59. radio.te
  60. README
  61. recovery.te
  62. rild.te
  63. roles
  64. runas.te
  65. sdcardd.te
  66. seapp_contexts
  67. security_classes
  68. service.te
  69. service_contexts
  70. servicemanager.te
  71. shared_relro.te
  72. shell.te
  73. slideshow.te
  74. su.te
  75. surfaceflinger.te
  76. system_app.te
  77. system_server.te
  78. te_macros
  79. tee.te
  80. toolbox.te
  81. ueventd.te
  82. uncrypt.te
  83. untrusted_app.te
  84. users
  85. vdc.te
  86. vold.te
  87. watchdogd.te
  88. wpa.te
  89. zygote.te