2c8bf56f9698923641a0628bae37fe9b2033c0bb - android_system_sepolicy

commit	2c8bf56f9698923641a0628bae37fe9b2033c0bb	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Fri May 30 09:42:01 2014 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Fri May 30 09:42:01 2014 -0400
tree	c9f1b9d39e34eda0038fc366fc30ce3456564eac
parent	f85c1fc293523db241c48d815b165067b8a0f471 [diff]

Only auditallow unlabeled accesses not allowed elsewhere.

https://android-review.googlesource.com/#/c/95900/ added further
unlabeled rules for installd and added explicit unlabeled rules for
vold and system_server.  Exclude these permissions from the auditallow
rules on unlabeled so that we only see the ones that would be denied if
we were to remove the allow domain rules here.

Change-Id: I2b9349ad6606bcb6a74a7e67343a8a9e5d70174c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

domain.te[diff]

1 file changed

tree: c9f1b9d39e34eda0038fc366fc30ce3456564eac

tools/
access_vectors
adbd.te
Android.mk
app.te
attributes
binderservicedomain.te
bluetooth.te
bootanim.te
clatd.te
debuggerd.te
device.te
dhcp.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
file.te
file_contexts
fs_use
genfs_contexts
global_macros
gpsd.te
hci_attach.te
healthd.te
hostapd.te
init.te
init_shell.te
initial_sid_contexts
initial_sids
inputflinger.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
lmkd.te
logd.te
mac_permissions.xml
mdnsd.te
mediaserver.te
mls
mls_macros
mtp.te
net.te
netd.te
nfc.te
NOTICE
platform_app.te
policy_capabilities
port_contexts
ppp.te
property.te
property_contexts
racoon.te
radio.te
README
recovery.te
rild.te
roles
runas.te
sdcardd.te
seapp_contexts
security_classes
selinux-network.sh
servicemanager.te
shared_relro.te
shell.te
shelldomain.te
su.te
surfaceflinger.te
system_app.te
system_server.te
te_macros
tee.te
ueventd.te
unconfined.te
uncrypt.te
untrusted_app.te
users
vold.te
watchdogd.te
wpa.te
zygote.te