Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / c7f56cdc83b958defa5a27dd12be1783db1b4b2f
commitc7f56cdc83b958defa5a27dd12be1783db1b4b2f[log] [tgz]
authorTri Vo <trong@google.com>Tue Nov 13 17:55:06 2018 -0800
committerTri Vo <trong@google.com>Thu Nov 15 21:31:56 2018 +0000
tree6257f7ee792ff4d8ce520c0dbb460c688351bfee
parentfb79404e3a36c49f1856f56ba744e4d8e9be3b80 [diff]
Remove kmem_device selinux type.

kmem_device was used to label /dev/mem and /dev/kmem. We already have
multiple layers of protection against those /dev nodes being present on
devices.

CTS checks that /dev/mem and /dev/kmem don't exist:
https://android.googlesource.com/platform/cts/+/master/tests/tests/permission/src/android/permission/cts/FileSystemPermissionTest.java#233

VTS enforces our base kernel configs, which have CONFIG_DEVKMEM and
CONFIG_DEVMEM disabled:
https://android.googlesource.com/kernel/configs/+/master/android-4.9/android-base.config#2

Bug: 110962171
Test: m selinux_policy
Change-Id: I246740684218dee0cddf81dabf84d4763a753cde
8 files changed
tree: 6257f7ee792ff4d8ce520c0dbb460c688351bfee
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. definitions.mk
  15. MODULE_LICENSE_PUBLIC_DOMAIN
  16. NOTICE
  17. OWNERS
  18. PREUPLOAD.cfg
  19. README
  20. treble_sepolicy_tests_for_release.mk