Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 4c110ff19b751c237819ac5fed3471277a74c07d
commit4c110ff19b751c237819ac5fed3471277a74c07d[log] [tgz]
authorInseob Kim <inseob@google.com>Thu Nov 26 21:50:23 2020 +0900
committerInseob Kim <inseob@google.com>Mon Nov 30 18:34:30 2020 +0900
tree52727b117e8c8a6f8f8a49be93d40a6851575ac7
parentaff923a4697b2109b8a887d5db1fc3be7c5c3c5d [diff]
Use attributes for exclusive property owners

tests/sepolicy_tests.py has been checking whether the property owner
attributes are mutually exclusive. This is because current policy
language can't express the following snippet:

    neverallow domain {
        system_property_type && vendor_property_type
    }:file no_rw_file_perms;

    neverallow domain {
        system_property_type && vendor_property_type
    }:property_service set;

This uses technical_debt.cil to workaround this.

Bug: 171437654
Test: Try to compile a type having both system_property_type and
      vendor_property_type
Change-Id: Ic65f2d00aa0f2fb7f5d78331b0a26e733fcd128e
3 files changed
tree: 52727b117e8c8a6f8f8a49be93d40a6851575ac7
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. METADATA
  19. MODULE_LICENSE_PUBLIC_DOMAIN
  20. NOTICE
  21. OWNERS
  22. policy_version.mk
  23. PREUPLOAD.cfg
  24. README
  25. seapp_contexts.mk
  26. TEST_MAPPING
  27. treble_sepolicy_tests_for_release.mk