Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 5fe69e082ac44aba637469fc59fee9f311c8d20b
commit5fe69e082ac44aba637469fc59fee9f311c8d20b[log] [tgz]
authorMarco Ballesio <balejs@google.com>Thu Sep 03 12:07:33 2020 -0700
committerMarco Ballesio <balejs@google.com>Thu Sep 03 14:12:17 2020 -0700
treec7f717e5b5adecfae358a8718ac97b6d3f0b0b7d
parentbc1fbf57fa504c5a958fc3005ab83669244b58e4 [diff]
sepolicy: restrict BINDER_FREEZE to system_server

BINDER_FREEZE is used to block ipc transactions to frozen processes, so
only system_server must be allowed to use it.

Bug: 143717177
Test: manually verified that attempts to use BINDER_FREEZE by processes
other
than system_server receive a sepolicy denial
Test: verified that system_server can enable/disable the freezer in
binder

Change-Id: I0fae3585c6ec409809e8085c1cc9862be4755889
4 files changed
tree: c7f717e5b5adecfae358a8718ac97b6d3f0b0b7d
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. METADATA
  19. MODULE_LICENSE_PUBLIC_DOMAIN
  20. NOTICE
  21. OWNERS
  22. policy_version.mk
  23. PREUPLOAD.cfg
  24. README
  25. seapp_contexts.mk
  26. TEST_MAPPING
  27. treble_sepolicy_tests_for_release.mk