Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / d2703d21814c3f869fed97c74596bb4ba661806c
commitd2703d21814c3f869fed97c74596bb4ba661806c[log] [tgz]
authorNick Kralevich <nnk@google.com>Mon Jun 24 16:54:49 2013 -0700
committerNick Kralevich <nnk@google.com>Mon Jun 24 16:54:49 2013 -0700
tree6ff43ec292f452a068883a98a35d29bc5590d7b0
parent0eed3476dca910e8ce70a6568c8a219c25744287 [diff]
allow system server to control zygote spawned processes

System server needs to be able to tell Zygote to create processes
with differing ids, capabilities, and SELinux security information.
Allow it.

These rules are not in unconfined.te, and as a result, are not
automatically allowed by SELinux in enforcing mode.

Change-Id: I010eaa2b0e0cee5d995e08e6c785cc5e01b2c974
1 file changed
tree: 6ff43ec292f452a068883a98a35d29bc5590d7b0
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. bluetooth.te
  8. bluetoothd.te
  9. dbusd.te
  10. debuggerd.te
  11. device.te
  12. dhcp.te
  13. domain.te
  14. drmserver.te
  15. file.te
  16. file_contexts
  17. fs_use
  18. genfs_contexts
  19. global_macros
  20. gpsd.te
  21. hci_attach.te
  22. init.te
  23. init_shell.te
  24. initial_sid_contexts
  25. initial_sids
  26. installd.te
  27. kernel.te
  28. keys.conf
  29. keystore.te
  30. mac_permissions.xml
  31. mediaserver.te
  32. mls
  33. mls_macros
  34. mtp.te
  35. net.te
  36. netd.te
  37. nfc.te
  38. NOTICE
  39. ping.te
  40. policy_capabilities
  41. port_contexts
  42. ppp.te
  43. property.te
  44. property_contexts
  45. qemud.te
  46. racoon.te
  47. radio.te
  48. README
  49. rild.te
  50. roles
  51. runas.te
  52. sdcardd.te
  53. seapp_contexts
  54. security_classes
  55. selinux-network.sh
  56. servicemanager.te
  57. shell.te
  58. su.te
  59. su_user.te
  60. surfaceflinger.te
  61. system.te
  62. te_macros
  63. tee.te
  64. ueventd.te
  65. unconfined.te
  66. users
  67. vold.te
  68. watchdogd.te
  69. wpa_supplicant.te
  70. zygote.te