Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / bc8dc3aa9d03598fc69df3e0b3990cddcf807616^! / . / prebuilts / api / 29.0 / private / mac_permissions.xml
commitbc8dc3aa9d03598fc69df3e0b3990cddcf807616[log] [tgz]
authorTri Vo <trong@google.com>Sun May 26 13:17:08 2019 -0700
committerTri Vo <trong@google.com>Sun May 26 14:19:26 2019 -0700
tree68f796377c8252d188bca113981996217ed28eb3
parentb693197a34902c7d92006b2173a69d9620ee3e9f [diff] [blame]
DO NOT MERGE Fake 29.0 sepolicy prebuilts

I took current AOSP policy as base, then removed sepolicy so that the
set of type and attributes was a subset of types and attributes in Q
sepolicy, with exception of those that have not yet been cleand up in
current AOSP:

mediaswcodec_server
netd_socket
mediaextractor_update_service
thermalserviced
thermalserviced_exec

Bug: 133196056
Test: n/a
Change-Id: I2cbe749777684146114c89e1e6fc3f07400c0ae5

diff --git a/prebuilts/api/29.0/private/mac_permissions.xml b/prebuilts/api/29.0/private/mac_permissions.xml
new file mode 100644
index 0000000..7fc37c1
--- /dev/null
+++ b/prebuilts/api/29.0/private/mac_permissions.xml

@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!--
+
+    * A signature is a hex encoded X.509 certificate or a tag defined in
+      keys.conf and is required for each signer tag. The signature can
+      either appear as a set of attached cert child tags or as an attribute.
+    * A signer tag must contain a seinfo tag XOR multiple package stanzas.
+    * Each signer/package tag is allowed to contain one seinfo tag. This tag
+      represents additional info that each app can use in setting a SELinux security
+      context on the eventual process as well as the apps data directory.
+    * seinfo assignments are made according to the following rules:
+      - Stanzas with package name refinements will be checked first.
+      - Stanzas w/o package name refinements will be checked second.
+      - The "default" seinfo label is automatically applied.
+
+    * valid stanzas can take one of the following forms:
+
+     // single cert protecting seinfo
+     <signer signature="@PLATFORM" >
+       <seinfo value="platform" />
+     </signer>
+
+     // multiple certs protecting seinfo (all contained certs must match)
+     <signer>
+       <cert signature="@PLATFORM1"/>
+       <cert signature="@PLATFORM2"/>
+       <seinfo value="platform" />
+     </signer>
+
+     // single cert protecting explicitly named app
+     <signer signature="@PLATFORM" >
+       <package name="com.android.foo">
+         <seinfo value="bar" />
+       </package>
+     </signer>
+
+     // multiple certs protecting explicitly named app (all certs must match)
+     <signer>
+       <cert signature="@PLATFORM1"/>
+       <cert signature="@PLATFORM2"/>
+       <package name="com.android.foo">
+         <seinfo value="bar" />
+       </package>
+     </signer>
+-->
+
+    <!-- Platform dev key in AOSP -->
+    <signer signature="@PLATFORM" >
+      <seinfo value="platform" />
+    </signer>
+
+    <!-- Media key in AOSP -->
+    <signer signature="@MEDIA" >
+      <seinfo value="media" />
+    </signer>
+
+    <signer signature="@NETWORK_STACK" >
+      <seinfo value="network_stack" />
+    </signer>
+</policy>