714ee5f293042986791ce653900a3eb308e6788a - android_system_sepolicy

commit	714ee5f293042986791ce653900a3eb308e6788a	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Oct 20 09:58:08 2017 -0700
committer	Nick Kralevich <nnk@google.com>	Fri Oct 20 09:58:08 2017 -0700
tree	98a05f38513ad26d67d06b30491a84a9abc333f4
parent	2ecdfb49bcb4ea3c486aef52f9cb2be8f63a0558 [diff]

Ensure only com.android.shell can run in the shell domain.

Don't allow apps to run with uid=shell or selinux domain=shell unless
the package is com.android.shell.

Add a neverallow assertion (compile time assertion + CTS test) to ensure
no regressions.

Bug: 68032516
Test: policy compiles, device boots, and no obvious problems.
Change-Id: Ic6600fa5608bfbdd41ff53840d904f97d17d6731

private/seapp_contexts[diff]

1 file changed

tree: 98a05f38513ad26d67d06b30491a84a9abc333f4

prebuilts/
private/
public/
reqd_mask/
tests/
tools/
vendor/
Android.bp
Android.mk
CleanSpec.mk
definitions.mk
MODULE_LICENSE_PUBLIC_DOMAIN
NOTICE
OWNERS
PREUPLOAD.cfg
README