Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 082ced1951ed27dd480eeef7c6108b755a9bf5af
commit082ced1951ed27dd480eeef7c6108b755a9bf5af[log] [tgz]
authorInseob Kim <inseob@google.com>Thu Nov 12 16:42:30 2020 +0900
committerInseob Kim <inseob@google.com>Mon Dec 14 16:58:23 2020 +0900
tree874f3b37bcf4623ea88235aa7e39c0daa9a14428
parentba862cdeb6aa3699037eccd3b838390989f84457 [diff]
Make default_prop only readable from coredomain

default_prop has been readable from coredomain and appdomain. It's too
broad, because default_prop is a context for properties which don't have
matching property_contexts entries.

From now on, only coredomain can read default_prop. It's still broad,
but at least random apps can't read default_prop anymore.

Bug: 170590987
Test: SELinux denial boot test for internal devices
Change-Id: Ieed7e60d7e4448705c70e4f1725b2290e4fbcb4a
4 files changed
tree: 874f3b37bcf4623ea88235aa7e39c0daa9a14428
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. METADATA
  19. MODULE_LICENSE_PUBLIC_DOMAIN
  20. NOTICE
  21. OWNERS
  22. policy_version.mk
  23. PREUPLOAD.cfg
  24. README
  25. seapp_contexts.mk
  26. TEST_MAPPING
  27. treble_sepolicy_tests_for_release.mk