private/drmserver.te · b9d5d207906f41305e5161f1e6c17c932bc83a6d · CodeLinaro / public-release-test / platform / system / sepolicy

"public/platform_app.te" did not exist on "566e8fe2580ce7d6a8ef76ffce6b457b4e71dd63"

8 years ago

Tighten restrictions on core <-> vendor socket comms · 2f6151ea

Alex Klyubin authored 8 years ago

This futher restricts neverallows for sockets which may be exposed as
filesystem nodes. This is achieved by labelling all such sockets
created by core/non-vendor domains using the new coredomain_socket
attribute, and then adding neverallow rules targeting that attribute.

This has now effect on what domains are permitted to do. This only
changes neverallow rules.

Test: mmm system/sepolicy
Bug: 36577153

(cherry picked from commit cf2ffdf0)

Change-Id: Iffeee571a2ff61fb9515fa6849d060649636524e

2f6151ea

History

Tighten restrictions on core <-> vendor socket comms

Alex Klyubin authored 8 years ago

This futher restricts neverallows for sockets which may be exposed as
filesystem nodes. This is achieved by labelling all such sockets
created by core/non-vendor domains using the new coredomain_socket
attribute, and then adding neverallow rules targeting that attribute.

This has now effect on what domains are permitted to do. This only
changes neverallow rules.

Test: mmm system/sepolicy
Bug: 36577153

(cherry picked from commit cf2ffdf0)

Change-Id: Iffeee571a2ff61fb9515fa6849d060649636524e