Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 6a7a72b07a5da8fcb8e2f4984bbdd3b035aef9ad
commit6a7a72b07a5da8fcb8e2f4984bbdd3b035aef9ad[log] [tgz]
authorNick Kralevich <nnk@google.com>Thu Sep 05 09:54:43 2019 -0700
committerNick Kralevich <nnk@google.com>Thu Sep 05 09:54:43 2019 -0700
treeafed7cecd6e9dfa985e98690ec20d1537ad21c1d
parentb56a49d979c228400abaae849e9df95d0c834f51 [diff]
neverallow_macros: add watch* perms

In cases where directory read access has been neverallowed via
no_rw_dir_perms, also neverallow the various watch* permissions.
If read was disallowed by the neverallow assertions, there's an
assumption that watch was also intended to not be allowed. Make that
assumption explicit.

References:
* https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ac5656d8a4cdd93cd2c74355ed12e5617817e0e7
* https://android.googlesource.com/platform/system/sepolicy/+/c4ab8edf7476ac8f247e5f1b2efbe282a693be06
* https://android.googlesource.com/platform/system/sepolicy/+/dddbaaf1e8791f8fffde424aa09a6e135f973771

Test: compiles
Change-Id: I8139eaf1165a5090c7b48e45f353170e58ddf1d9
1 file changed
tree: afed7cecd6e9dfa985e98690ec20d1537ad21c1d
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. MODULE_LICENSE_PUBLIC_DOMAIN
  19. NOTICE
  20. OWNERS
  21. policy_version.mk
  22. PREUPLOAD.cfg
  23. README
  24. seapp_contexts.mk
  25. treble_sepolicy_tests_for_release.mk