Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 71b0b85a9469e99fec499ccf37ed07b0de6b4f1f
commit71b0b85a9469e99fec499ccf37ed07b0de6b4f1f[log] [tgz]
authorA. Cody Schuffelen <schuffelen@google.com>Tue Feb 18 15:26:44 2020 -0800
committerA. Cody Schuffelen <schuffelen@google.com>Wed Mar 11 12:24:24 2020 -0700
treee318b6d6743ec33853003c49bac34355907aaaa6
parent6862377b84ac0fbaa6cc14f58cfe664a7cc0aa32 [diff]
Add sepolicy for the securityfs mount type.

See discussion in aosp/1233645. There was a concern about this
filesystem automounting when enabled, so this change adds sepolicy to
preemptively lock it down.

I'm not confident it actually automounts. If it does, it'll land in
/sys/kernel/security, which is also protected with the sysfs policy.

Test: Builds
Bug: 148102533
Change-Id: I78a246a5c18953f2471f84367ab383afb2742908
3 files changed
tree: e318b6d6743ec33853003c49bac34355907aaaa6
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. MODULE_LICENSE_PUBLIC_DOMAIN
  19. NOTICE
  20. OWNERS
  21. policy_version.mk
  22. PREUPLOAD.cfg
  23. README
  24. seapp_contexts.mk
  25. TEST_MAPPING
  26. treble_sepolicy_tests_for_release.mk