Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 200a9f0e20337b48824cf621a017e2852245e5ca
commit200a9f0e20337b48824cf621a017e2852245e5ca[log] [tgz]
authorNick Kralevich <nnk@google.com>Mon Sep 22 15:41:38 2014 -0700
committerNick Kralevich <nnk@google.com>Mon Sep 22 22:49:00 2014 +0000
tree335e965250181c369a80f4e63262bed51fc9f5f0
parent642b80427ec2e95eb13cf03a74d814f240813e71 [diff]
relax appdomain efs_file neverallow rules

During factory provisioning, some manufacturers may need to pull files
from /factory (label efs_file and bluetooth_efs_file) to collect
device specific identifiers such as the mac address, using commands
similar to the following:

  adb shell cat /factory/ssn
  adb shell cat /factory/bt/bd_addr.conf
  adb shell cat /factory/wifi/mac.txt
  adb shell cat /factory/60isn

read-only access to these files is currently disallowed by a
neverallow rule. Relax the rules to allow read-only access to the
shell user if desired.

No new SELinux rules are added or deleted by this change. This is
only a relaxation in what's allowed for vendor specific policy.

Bug: 17600278
Change-Id: I13f33f996c077918dce70a5cff31a87eac436678
1 file changed
tree: 335e965250181c369a80f4e63262bed51fc9f5f0
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. bluetooth.te
  9. bootanim.te
  10. clatd.te
  11. debuggerd.te
  12. device.te
  13. dex2oat.te
  14. dhcp.te
  15. dnsmasq.te
  16. domain.te
  17. drmserver.te
  18. dumpstate.te
  19. file.te
  20. file_contexts
  21. fs_use
  22. genfs_contexts
  23. global_macros
  24. gpsd.te
  25. hci_attach.te
  26. healthd.te
  27. hostapd.te
  28. init.te
  29. init_shell.te
  30. initial_sid_contexts
  31. initial_sids
  32. inputflinger.te
  33. install_recovery.te
  34. installd.te
  35. isolated_app.te
  36. kernel.te
  37. keys.conf
  38. keystore.te
  39. lmkd.te
  40. logd.te
  41. mac_permissions.xml
  42. mdnsd.te
  43. mediaserver.te
  44. mls
  45. mls_macros
  46. mtp.te
  47. net.te
  48. netd.te
  49. nfc.te
  50. NOTICE
  51. platform_app.te
  52. policy_capabilities
  53. port_contexts
  54. ppp.te
  55. property.te
  56. property_contexts
  57. racoon.te
  58. radio.te
  59. README
  60. recovery.te
  61. rild.te
  62. roles
  63. runas.te
  64. sdcardd.te
  65. seapp_contexts
  66. security_classes
  67. selinux-network.sh
  68. service.te
  69. service_contexts
  70. servicemanager.te
  71. shared_relro.te
  72. shell.te
  73. su.te
  74. surfaceflinger.te
  75. system_app.te
  76. system_server.te
  77. te_macros
  78. tee.te
  79. ueventd.te
  80. unconfined.te
  81. uncrypt.te
  82. untrusted_app.te
  83. users
  84. vdc.te
  85. vold.te
  86. watchdogd.te
  87. wpa.te
  88. zygote.te