Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 668e74f6f45b2c6cf6494e9d8c635ce8528b86db
commit668e74f6f45b2c6cf6494e9d8c635ce8528b86db[log] [tgz]
authorAlan Stokes <alanstokes@google.com>Thu Nov 12 18:08:18 2020 +0000
committerAlan Stokes <alanstokes@google.com>Thu Nov 12 18:08:18 2020 +0000
tree6270b15723a09ebfe1b837c8eb5492ff6b87d747
parent9f7d1ff0f1f41ea2dfd42e1a10b2af4da6aa170b [diff]
Exempt app_data_file_type from neverallow rules.

We need to be able to access app data files from core domains such as
installd even for vendor apps. Those file types should not be
core_data_file_type, so we explicitly exempty app_data_file_type as
well as core_data_file_type from the relevant neverallows.

To prevent misuse of the attribute, add a test to check it is not
applied to anything in file_contexts. Exempt the existing violators in
system policy for now.

Test: Builds
Test: Adding a type with just "file_type, data_file_type, app_data_file_type" works
Test: New test successfully catches  violators.
Bug: 171795911
Change-Id: I07bf3ec3db615f8b7a33d8235da5e6d8e2508975
4 files changed
tree: 6270b15723a09ebfe1b837c8eb5492ff6b87d747
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. METADATA
  19. MODULE_LICENSE_PUBLIC_DOMAIN
  20. NOTICE
  21. OWNERS
  22. policy_version.mk
  23. PREUPLOAD.cfg
  24. README
  25. seapp_contexts.mk
  26. TEST_MAPPING
  27. treble_sepolicy_tests_for_release.mk