6e4508e625e29f1a782428447de142e96498b5e4 - android_system_sepolicy

commit	6e4508e625e29f1a782428447de142e96498b5e4	[log] [tgz]
author	Alex Klyubin <klyubin@google.com>	Tue Dec 27 18:05:46 2016 -0800
committer	Alex Klyubin <klyubin@google.com>	Tue Dec 27 18:08:13 2016 -0800
tree	3bc1ce3f5fe5f596d91b5515fc05e3e5e82507c8
parent	0555222dba5f36dca38d9edb066c375fae67197b [diff]

Restrict access to Bluetooth system properties

This removes access to Bluetooth system properties from arbitrary
SELinux domains. Access remains granted to init, bluetooth, and
system_app domains. neverallow rules / CTS enforce that access is not
granted to Zygote and processes spawned from Zygote expcept for
system_app and bluetooth.

The reason is that some of these properties may leak persistent
identifiers not resettable by the user.

Test: Bluetooth pairing and data transfer works
Bug: 33700679
Change-Id: Icdcb3927a423c4011a62942340a498cc1b302472

private/property_contexts[diff]
public/app.te[diff]
public/property.te[diff]
public/webview_zygote.te[diff]
public/zygote.te[diff]

5 files changed

tree: 3bc1ce3f5fe5f596d91b5515fc05e3e5e82507c8

private/
public/
reqd_mask/
tools/
Android.mk
CleanSpec.mk
MODULE_LICENSE_PUBLIC_DOMAIN
NOTICE
PREUPLOAD.cfg
README