Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
S
sepolicy
Manage
Activity
Members
Plan
Wiki
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Deploy
Releases
Package Registry
Model registry
Operate
Terraform modules
Analyze
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
CodeLinaro
public-release-test
platform
system
sepolicy
Commits
2469b32e
Commit
2469b32e
authored
9 years ago
by
Calin Juravle
Browse files
Options
Downloads
Patches
Plain Diff
Remove handling of dalvik-cache/profiles
Bug: 24698874 Bug: 17173268 Change-Id: I8c502ae6aad3cf3c13fae81722c367f45d70fb18
parent
5c57e7c2
No related branches found
No related tags found
No related merge requests found
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
app.te
+0
-4
0 additions, 4 deletions
app.te
domain.te
+0
-1
0 additions, 1 deletion
domain.te
file.te
+0
-2
0 additions, 2 deletions
file.te
file_contexts
+0
-1
0 additions, 1 deletion
file_contexts
installd.te
+0
-4
0 additions, 4 deletions
installd.te
system_server.te
+0
-4
0 additions, 4 deletions
system_server.te
with
0 additions
and
16 deletions
app.te
+
0
−
4
View file @
2469b32e
...
@@ -167,10 +167,6 @@ allow appdomain usbaccessory_device:chr_file { read write getattr };
...
@@ -167,10 +167,6 @@ allow appdomain usbaccessory_device:chr_file { read write getattr };
allow appdomain dalvikcache_data_file:file execute;
allow appdomain dalvikcache_data_file:file execute;
allow appdomain dalvikcache_data_file:lnk_file r_file_perms;
allow appdomain dalvikcache_data_file:lnk_file r_file_perms;
# /data/dalvik-cache/profiles
allow appdomain dalvikcache_profiles_data_file:dir { search getattr };
allow appdomain dalvikcache_profiles_data_file:file rw_file_perms;
# Allow any app to read shared RELRO files.
# Allow any app to read shared RELRO files.
allow appdomain shared_relro_file:dir search;
allow appdomain shared_relro_file:dir search;
allow appdomain shared_relro_file:file r_file_perms;
allow appdomain shared_relro_file:file r_file_perms;
...
...
This diff is collapsed.
Click to expand it.
domain.te
+
0
−
1
View file @
2469b32e
...
@@ -297,7 +297,6 @@ neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file
...
@@ -297,7 +297,6 @@ neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file
neverallow { domain -servicemanager } *:binder set_context_mgr;
neverallow { domain -servicemanager } *:binder set_context_mgr;
# Only authorized processes should be writing to files in /data/dalvik-cache
# Only authorized processes should be writing to files in /data/dalvik-cache
# (excluding /data/dalvik-cache/profiles, which is labeled differently)
neverallow {
neverallow {
domain
domain
-init # TODO: limit init to relabelfrom for files
-init # TODO: limit init to relabelfrom for files
...
...
This diff is collapsed.
Click to expand it.
file.te
+
0
−
2
View file @
2469b32e
...
@@ -77,8 +77,6 @@ type apk_private_data_file, file_type, data_file_type;
...
@@ -77,8 +77,6 @@ type apk_private_data_file, file_type, data_file_type;
type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
# /data/dalvik-cache
# /data/dalvik-cache
type dalvikcache_data_file, file_type, data_file_type;
type dalvikcache_data_file, file_type, data_file_type;
# /data/dalvik-cache/profiles
type dalvikcache_profiles_data_file, file_type, data_file_type, mlstrustedobject;
# /data/resource-cache
# /data/resource-cache
type resourcecache_data_file, file_type, data_file_type;
type resourcecache_data_file, file_type, data_file_type;
# /data/local - writable by shell
# /data/local - writable by shell
...
...
This diff is collapsed.
Click to expand it.
file_contexts
+
0
−
1
View file @
2469b32e
...
@@ -231,7 +231,6 @@
...
@@ -231,7 +231,6 @@
/data/gps(/.*)? u:object_r:gps_data_file:s0
/data/gps(/.*)? u:object_r:gps_data_file:s0
/data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0
/data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0
/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
/data/dalvik-cache/profiles(/.*)? u:object_r:dalvikcache_profiles_data_file:s0
/data/adb(/.*)? u:object_r:adb_data_file:s0
/data/adb(/.*)? u:object_r:adb_data_file:s0
/data/anr(/.*)? u:object_r:anr_data_file:s0
/data/anr(/.*)? u:object_r:anr_data_file:s0
/data/app(/.*)? u:object_r:apk_data_file:s0
/data/app(/.*)? u:object_r:apk_data_file:s0
...
...
This diff is collapsed.
Click to expand it.
installd.te
+
0
−
4
View file @
2469b32e
...
@@ -59,10 +59,6 @@ allow installd install_data_file:file create_file_perms;
...
@@ -59,10 +59,6 @@ allow installd install_data_file:file create_file_perms;
allow installd dalvikcache_data_file:dir create_dir_perms;
allow installd dalvikcache_data_file:dir create_dir_perms;
allow installd dalvikcache_data_file:file create_file_perms;
allow installd dalvikcache_data_file:file create_file_perms;
# Create /data/dalvik-cache/profiles.
allow installd dalvikcache_profiles_data_file:dir rw_dir_perms;
allow installd dalvikcache_profiles_data_file:file create_file_perms;
# Create files under /data/resource-cache.
# Create files under /data/resource-cache.
allow installd resourcecache_data_file:dir rw_dir_perms;
allow installd resourcecache_data_file:dir rw_dir_perms;
allow installd resourcecache_data_file:file create_file_perms;
allow installd resourcecache_data_file:file create_file_perms;
...
...
This diff is collapsed.
Click to expand it.
system_server.te
+
0
−
4
View file @
2469b32e
...
@@ -208,10 +208,6 @@ allow system_server anr_data_file:file create_file_perms;
...
@@ -208,10 +208,6 @@ allow system_server anr_data_file:file create_file_perms;
allow system_server backup_data_file:dir create_dir_perms;
allow system_server backup_data_file:dir create_dir_perms;
allow system_server backup_data_file:file create_file_perms;
allow system_server backup_data_file:file create_file_perms;
# Read from /data/dalvik-cache/profiles
allow system_server dalvikcache_profiles_data_file:dir rw_dir_perms;
allow system_server dalvikcache_profiles_data_file:file create_file_perms;
# Write to /data/system/heapdump
# Write to /data/system/heapdump
allow system_server heapdump_data_file:dir rw_dir_perms;
allow system_server heapdump_data_file:dir rw_dir_perms;
allow system_server heapdump_data_file:file create_file_perms;
allow system_server heapdump_data_file:file create_file_perms;
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment