Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 158e176c5aca6dd0969586f62a86f00827fe96b0
commit158e176c5aca6dd0969586f62a86f00827fe96b0[log] [tgz]
authorA. Cody Schuffelen <schuffelen@google.com>Tue Feb 18 15:26:44 2020 -0800
committerAlistair Delva <adelva@google.com>Fri Mar 13 15:55:05 2020 +0000
treeaafba40627b35bf720444ede6fa1d6599da79633
parent59b996c2774d51625eabcb409f79934c6da1d2cd [diff]
Add sepolicy for the securityfs mount type.

See discussion in aosp/1233645. There was a concern about this
filesystem automounting when enabled, so this change adds sepolicy to
preemptively lock it down.

I'm not confident it actually automounts. If it does, it'll land in
/sys/kernel/security, which is also protected with the sysfs policy.

Test: Builds
Bug: 148102533
Change-Id: I78a246a5c18953f2471f84367ab383afb2742908
Merged-In: I78a246a5c18953f2471f84367ab383afb2742908
3 files changed
tree: aafba40627b35bf720444ede6fa1d6599da79633
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. MODULE_LICENSE_PUBLIC_DOMAIN
  19. NOTICE
  20. OWNERS
  21. policy_version.mk
  22. PREUPLOAD.cfg
  23. README
  24. seapp_contexts.mk
  25. TEST_MAPPING
  26. treble_sepolicy_tests_for_release.mk