Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 669a97730376e919813411fcfdddac35bd7236ae
commit669a97730376e919813411fcfdddac35bd7236ae[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Fri Oct 03 09:53:45 2014 -0400
committerNick Kralevich <nnk@google.com>Mon Oct 06 23:31:18 2014 +0000
tree6beb4b2b8dc563b18136246b9405c72a4ac2e9ce
parent59bc00ab898bc4d06593051b0fe4e702ca2569e2 [diff]
Do not allow isolated_app to directly open app data files.

Only allow it to read/write/stat already open app data files
received via Binder or local socket IPC.

Change-Id: I3c096607a74fd0f360d41f3e6f06535ca00c58ec
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2 files changed
tree: 6beb4b2b8dc563b18136246b9405c72a4ac2e9ce
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. bluetooth.te
  9. bootanim.te
  10. clatd.te
  11. debuggerd.te
  12. device.te
  13. dex2oat.te
  14. dhcp.te
  15. dnsmasq.te
  16. domain.te
  17. drmserver.te
  18. dumpstate.te
  19. file.te
  20. file_contexts
  21. fs_use
  22. fsck.te
  23. genfs_contexts
  24. global_macros
  25. gpsd.te
  26. hci_attach.te
  27. healthd.te
  28. hostapd.te
  29. init.te
  30. init_shell.te
  31. initial_sid_contexts
  32. initial_sids
  33. inputflinger.te
  34. install_recovery.te
  35. installd.te
  36. isolated_app.te
  37. kernel.te
  38. keys.conf
  39. keystore.te
  40. lmkd.te
  41. logd.te
  42. mac_permissions.xml
  43. mdnsd.te
  44. mediaserver.te
  45. mls
  46. mls_macros
  47. mtp.te
  48. net.te
  49. netd.te
  50. nfc.te
  51. NOTICE
  52. platform_app.te
  53. policy_capabilities
  54. port_contexts
  55. ppp.te
  56. property.te
  57. property_contexts
  58. racoon.te
  59. radio.te
  60. README
  61. recovery.te
  62. rild.te
  63. roles
  64. runas.te
  65. sdcardd.te
  66. seapp_contexts
  67. security_classes
  68. selinux-network.sh
  69. service.te
  70. service_contexts
  71. servicemanager.te
  72. shared_relro.te
  73. shell.te
  74. su.te
  75. surfaceflinger.te
  76. system_app.te
  77. system_server.te
  78. te_macros
  79. tee.te
  80. toolbox.te
  81. ueventd.te
  82. unconfined.te
  83. uncrypt.te
  84. untrusted_app.te
  85. users
  86. vdc.te
  87. vold.te
  88. watchdogd.te
  89. wpa.te
  90. zygote.te