Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / cd62a4a56a5a0cec5268e343e19561b4ddd569b4
commitcd62a4a56a5a0cec5268e343e19561b4ddd569b4[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Tue Jan 14 14:27:45 2020 -0500
committerStephen Smalley <sds@tycho.nsa.gov>Tue Jan 14 14:59:08 2020 -0500
treeb8cde1df27fb3559ef9381a8a68bd2e674e7cd6c
parent184fe45549da14b48b36f4b89b0abc1e34ff60c9 [diff]
access_vectors: re-organize common file perms

The open, audit_access, execmod, and watch* permissions
are all defined in the COMMON_FILE_PERMS in the kernel
classmap and inherited by all the file-related classes;
we can do the same in the policy by putting them into the
common file declaration.

refpolicy recently similarly reorganized its definitions and added the
watch* permissions to common file, see:
https://github.com/SELinuxProject/refpolicy/commit/e5dbe7527690d95cced0e58052746fb59d9321c7
https://github.com/SELinuxProject/refpolicy/commit/c656b97a289ce6c2da2871700384f0f9d831be18
https://github.com/SELinuxProject/refpolicy/commit/3952ecb4dd4435c8e017a0d2733ba49b02730764

Adding new permissions to the end of the existing classes was only
required for kernels that predate the dynamic class/perm mapping
support (< v2.6.33).

Test: policy still builds

Change-Id: I44a2c3a94c21ed23410b6f807af7f1179e2c1747
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
1 file changed
tree: b8cde1df27fb3559ef9381a8a68bd2e674e7cd6c
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. MODULE_LICENSE_PUBLIC_DOMAIN
  19. NOTICE
  20. OWNERS
  21. policy_version.mk
  22. PREUPLOAD.cfg
  23. README
  24. seapp_contexts.mk
  25. treble_sepolicy_tests_for_release.mk