Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 631a5a8e485ee030f97a6e2d42aefbf18e92c4d8
commit631a5a8e485ee030f97a6e2d42aefbf18e92c4d8[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Fri Jun 20 13:54:10 2014 -0400
committerStephen Smalley <sds@tycho.nsa.gov>Fri Jun 20 13:54:10 2014 -0400
treebdcfe9a2d46b6ad496b005588516056f204f3a0b
parent04b8a75c2f7532821a2a098a95d884931a91807c [diff]
Remove app_data_file access from unconfineddomain.

Require app_data_file access to be explicitly allowed to
each domain.  We especially do not want to allow
app_data_file:lnk_file read to any privileged domain.
But removing app_data_file access in general can be useful
in protecting app data from rogue daemons.

Change-Id: I46240562bce76579e108495ab15833e143841ad8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
1 file changed
tree: bdcfe9a2d46b6ad496b005588516056f204f3a0b
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. bluetooth.te
  9. bootanim.te
  10. clatd.te
  11. debuggerd.te
  12. device.te
  13. dhcp.te
  14. dnsmasq.te
  15. domain.te
  16. drmserver.te
  17. dumpstate.te
  18. file.te
  19. file_contexts
  20. fs_use
  21. genfs_contexts
  22. global_macros
  23. gpsd.te
  24. hci_attach.te
  25. healthd.te
  26. hostapd.te
  27. init.te
  28. init_shell.te
  29. initial_sid_contexts
  30. initial_sids
  31. inputflinger.te
  32. installd.te
  33. isolated_app.te
  34. kernel.te
  35. keys.conf
  36. keystore.te
  37. lmkd.te
  38. logd.te
  39. mac_permissions.xml
  40. mdnsd.te
  41. mediaserver.te
  42. mls
  43. mls_macros
  44. mtp.te
  45. net.te
  46. netd.te
  47. nfc.te
  48. NOTICE
  49. platform_app.te
  50. policy_capabilities
  51. port_contexts
  52. ppp.te
  53. property.te
  54. property_contexts
  55. racoon.te
  56. radio.te
  57. README
  58. recovery.te
  59. rild.te
  60. roles
  61. runas.te
  62. sdcardd.te
  63. seapp_contexts
  64. security_classes
  65. selinux-network.sh
  66. service.te
  67. service_contexts
  68. servicemanager.te
  69. shared_relro.te
  70. shell.te
  71. su.te
  72. surfaceflinger.te
  73. system_app.te
  74. system_server.te
  75. te_macros
  76. tee.te
  77. ueventd.te
  78. unconfined.te
  79. uncrypt.te
  80. untrusted_app.te
  81. users
  82. vold.te
  83. watchdogd.te
  84. wpa.te
  85. zygote.te