From 2ae575b08018bcdddaa0ca44ef14f484fd360c53 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 17 Oct 2017 13:07:54 -0700
Subject: [PATCH] Start tracking platform/vendor data access violations

As part of Treble, enforce that the communication between platform
and vendor components use the official hw binder APIs. Prevent sharing
of data by file path. Platform and vendor components may share
files, but only via FD passed over hw binder.

This change adds the violators attribute that will be used to mark
violating domains that need to be fixed.

Bug: 34980020
Test: build
Change-Id: Id9acfbbc86bfd6fd0633b8164a37ce94d25ffa2c
---
 public/attributes | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/public/attributes b/public/attributes
index 986b0ed2a..c25f1ebc8 100644
--- a/public/attributes
+++ b/public/attributes
@@ -148,6 +148,12 @@ expandattribute socket_between_core_and_vendor_violators false;
 attribute vendor_executes_system_violators;
 expandattribute vendor_executes_system_violators false;
 
+# All domains which violate the requirement of not sharing files by path
+# between between vendor and core domains.
+# TODO(b/34980020)
+attribute data_between_core_and_vendor_violators;
+expandattribute data_between_core_and_vendor_violators false;
+
 # hwservices that are accessible from untrusted applications
 # WARNING: Use of this attribute should be avoided unless
 # absolutely necessary.  It is a temporary allowance to aid the
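Review bot: The comment added above `attribute data_between_core_and_vendor_violators;` has a doubled word (`between between`) and does not say that the attribute is a temporary exemption list, which the neighbouring attribute's `WARNING:` text does make explicit. Because membership in a `*_violators` attribute exempts a domain from a Treble isolation rule, the comment should discourage new additions, for example `# between vendor and core domains. Temporary exemption: do not add new` followed by `# domains; remove each entry once the domain is fixed.` The neverallow rule that would consume this attribute is not in this patch, so the attribute presumably has no enforcement effect until that rule lands. A line in the comment pointing to where the rule will live would help reviewers audit later additions.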
-- 
GitLab