More granular vendor access to /system files.
This change limits global access to /system files down to: /system/bin/linker* /system/lib[64]/* /system/etc/ld.config* /system/etc/seccomp_policy/* /system/etc/security/cacerts/* /system/usr/share/zoneinfo/* Bug: 111243627 Test: boot device, browse internet without denials to system_* types. Test: VtsHalDrmV1_{1, 0}TargetTest without denials Change-Id: I69894b29733979c2bc944ac80229e84de5d519f4
Showing
- private/compat/26.0/26.0.cil 7 additions, 1 deletionprivate/compat/26.0/26.0.cil
- private/compat/27.0/27.0.cil 7 additions, 1 deletionprivate/compat/27.0/27.0.cil
- private/compat/28.0/28.0.cil 7 additions, 1 deletionprivate/compat/28.0/28.0.cil
- private/file_contexts 6 additions, 0 deletionsprivate/file_contexts
- public/domain.te 39 additions, 6 deletionspublic/domain.te
- public/file.te 10 additions, 0 deletionspublic/file.te
- public/hal_drm.te 0 additions, 5 deletionspublic/hal_drm.te
- public/hal_health.te 0 additions, 5 deletionspublic/hal_health.te
- public/hal_telephony.te 0 additions, 1 deletionpublic/hal_telephony.te
- public/healthd.te 0 additions, 4 deletionspublic/healthd.te
- vendor/hal_gnss_default.te 0 additions, 5 deletionsvendor/hal_gnss_default.te
Please register or sign in to comment