cdae7debe68bf20521085237b80da9417328841b - android_system_sepolicy

commit	cdae7debe68bf20521085237b80da9417328841b	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Wed May 14 09:31:06 2014 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Wed May 14 09:31:06 2014 -0400
tree	eab2671dbc7cb4ddd371a0e89ef58c8370340e5a
parent	f78fb4e0c8ae49bb73e691a37de00f2d5b66f9e1 [diff]

Drop unused rules for raw I/O, mknod, and block device access.

We added these rules to the kernel domain when we removed them
from unconfined to ensure that we did not break anything.  But
we have seen no uses of these rules and this matches our expectation
that any actual operations that require these permissions occurs
after switching to the init domain.

Change-Id: I6f3556a26b0f6f4e6effcb874bfc9498e7dfaa47
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

kernel.te[diff]

1 file changed

tree: eab2671dbc7cb4ddd371a0e89ef58c8370340e5a

tools/
access_vectors
adbd.te
Android.mk
app.te
attributes
binderservicedomain.te
bluetooth.te
bootanim.te
clatd.te
debuggerd.te
device.te
dhcp.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
file.te
file_contexts
fs_use
genfs_contexts
global_macros
gpsd.te
hci_attach.te
healthd.te
hostapd.te
init.te
init_shell.te
initial_sid_contexts
initial_sids
inputflinger.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
lmkd.te
logd.te
mac_permissions.xml
mdnsd.te
mediaserver.te
mls
mls_macros
mtp.te
net.te
netd.te
nfc.te
NOTICE
platform_app.te
policy_capabilities
port_contexts
ppp.te
property.te
property_contexts
racoon.te
radio.te
README
recovery.te
rild.te
roles
runas.te
sdcardd.te
seapp_contexts
security_classes
selinux-network.sh
servicemanager.te
shell.te
shelldomain.te
su.te
surfaceflinger.te
system_app.te
system_server.te
te_macros
tee.te
ueventd.te
unconfined.te
uncrypt.te
untrusted_app.te
users
vold.te
watchdogd.te
wpa.te
zygote.te