Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 69fcac4c7ea6ac83a37e663d7a52d9ca3557560a
commit69fcac4c7ea6ac83a37e663d7a52d9ca3557560a[log] [tgz]
authorTom Cherry <tomcherry@google.com>Wed Apr 29 11:29:54 2020 -0700
committerTom Cherry <tomcherry@google.com>Wed Apr 29 14:02:43 2020 -0700
tree92a27ca60f916d53c02a8e8eb4af5eccbf43c19f
parent2ea9264ea3ed4f7381a56c5127952c0652b1582c [diff]
Prevent transition to coredomain except for system files and vice versa

Add a neverallow to prevent coredomain from accessing entrypoint for
files other than system_file_type and postinstall_file.  Add the
complementary neverallow to prevent domains other than coredomain from
accessing entrypoint for files other than vendor_file_type and
init_exec (for vendor_init).

Bug: 155124994
Test: build
Change-Id: I6e0cb7fb445b96b82e434e949b59c299aee1ad8b
1 file changed
tree: 92a27ca60f916d53c02a8e8eb4af5eccbf43c19f
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. MODULE_LICENSE_PUBLIC_DOMAIN
  19. NOTICE
  20. OWNERS
  21. policy_version.mk
  22. PREUPLOAD.cfg
  23. README
  24. seapp_contexts.mk
  25. TEST_MAPPING
  26. treble_sepolicy_tests_for_release.mk