Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 5207ca6af4eca8d41d16b4017f25ba4cf3420a99
commit5207ca6af4eca8d41d16b4017f25ba4cf3420a99[log] [tgz]
authorNick Kralevich <nnk@google.com>Thu Dec 15 08:27:16 2016 -0800
committerNick Kralevich <nnk@google.com>Thu Dec 15 08:28:38 2016 -0800
tree1befc44cfeb89e296bd326e210d09332c81163ae
parent0046853f660a73648512b21153113e790d89bbf6 [diff]
Enforce assumptions around metadata_block_device

Add a compile time assertion that only authorized SELinux domains are
allowed to touch the metadata_block_device. This domain may be wiped at
will, and we want to ensure that we're not inadvertently destroying
other people's data.

Test: policy compiles.
Change-Id: I9854b527c3d83e17f717d6cc8a1c6b50e0e373b6
1 file changed
tree: 1befc44cfeb89e296bd326e210d09332c81163ae
  1. private/
  2. public/
  3. reqd_mask/
  4. tools/
  5. Android.mk
  6. CleanSpec.mk
  7. MODULE_LICENSE_PUBLIC_DOMAIN
  8. NOTICE
  9. PREUPLOAD.cfg
  10. README