Introduce app_data_file_type attribute.

This gives us an easy way for the policy to refer to all existing or
future types used for app private data files in type= assignments in
seapp_contexts.

Apply the label to all the existing types, then refactor rules to use
the new attribute.

This is intended as a pure refactoring, except that:
- Some neverallow rules are extended to cover types they previously
  omitted;
- We allow iorap_inode2filename limited access to shell_data_file and
  nfc_data_file;
- We allow zygote limited access to system_app_data_file.

This mostly reverts the revert in commit
b01e1d97bf1320d54c8641cfff687f13f32013bf, restoring commit
27e0c740f1894e9a390b7105255eb29401d25c35. Changes to check_seapp to
enforce use of app_data_file_type are omitted, to be included in a
following CL.

Test: Presubmits
Bug: 171795911
Change-Id: I02b31e7b3d5634c94763387284b5a154fe5b71b4
11 files changed