Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 8e553a415fafbc05c29ae998fb0710f1a988cf1c
commit8e553a415fafbc05c29ae998fb0710f1a988cf1c[log] [tgz]
authorNick Kralevich <nnk@google.com>Wed Mar 25 17:42:37 2015 -0700
committerNick Kralevich <nnk@google.com>Wed Mar 25 17:42:37 2015 -0700
tree79c07a335858e563d8cfa155610b7488a81e1ba5
parent21186a1fc3019f44ce43260c15c7510a7d80004c [diff]
runas: don't allow capabilities other than setuid/setgid

Add a compile time assertion that capabilities other than setuid
and setgid are never granted to run-as.

This is a compile time assertion only. No new capabilities are granted
or removed.

Change-Id: Ie86d651b539cdfb6f3eaafef0d5d3b716610a220
1 file changed
tree: 79c07a335858e563d8cfa155610b7488a81e1ba5
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. bluetooth.te
  9. bootanim.te
  10. clatd.te
  11. debuggerd.te
  12. device.te
  13. dex2oat.te
  14. dhcp.te
  15. dnsmasq.te
  16. domain.te
  17. drmserver.te
  18. dumpstate.te
  19. file.te
  20. file_contexts
  21. fs_use
  22. fsck.te
  23. genfs_contexts
  24. global_macros
  25. gpsd.te
  26. hci_attach.te
  27. healthd.te
  28. hostapd.te
  29. init.te
  30. initial_sid_contexts
  31. initial_sids
  32. inputflinger.te
  33. install_recovery.te
  34. installd.te
  35. isolated_app.te
  36. kernel.te
  37. keys.conf
  38. keystore.te
  39. lmkd.te
  40. logd.te
  41. mac_permissions.xml
  42. mdnsd.te
  43. mediaserver.te
  44. mls
  45. mls_macros
  46. mtp.te
  47. net.te
  48. netd.te
  49. neverallow_macros
  50. nfc.te
  51. NOTICE
  52. platform_app.te
  53. policy_capabilities
  54. port_contexts
  55. ppp.te
  56. procrank.te
  57. property.te
  58. property_contexts
  59. racoon.te
  60. radio.te
  61. README
  62. recovery.te
  63. rild.te
  64. roles
  65. runas.te
  66. sdcardd.te
  67. seapp_contexts
  68. security_classes
  69. service.te
  70. service_contexts
  71. servicemanager.te
  72. shared_relro.te
  73. shell.te
  74. slideshow.te
  75. su.te
  76. surfaceflinger.te
  77. system_app.te
  78. system_server.te
  79. te_macros
  80. tee.te
  81. toolbox.te
  82. ueventd.te
  83. uncrypt.te
  84. untrusted_app.te
  85. users
  86. vdc.te
  87. vold.te
  88. watchdogd.te
  89. wpa.te
  90. zygote.te