- Dec 17, 2015
-
-
Nick Kralevich authored
Both angler and bullhead violate these SELinux rules. Bullhead: tee has access to these files Angler: system_server has read/write access to these files. Fixes the following compile time error: libsepol.report_failure: neverallow on line 32 of external/sepolicy/fingerprintd.te (or line 6704 of policy.conf) violated by allow tee fingerprintd_data_file:file { ioctl read write create setattr lock append rename open }; libsepol.check_assertions: 1 neverallow failures occurred Error while expanding policy out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/bullhead/obj/ETC/sepolicy_intermediates/policy.conf This reverts commit 604a8cae. Change-Id: Iabb8f2e9de96f9082cd6a790d1af80cbc6a569b1 -
Nick Kralevich authored
Only fingerprintd should be creating/reading/writing/etc from /data/system/users/[0-9]+/fpdata(/.*)? . Add a neverallow rule (compile time assertion + CTS test) to ensure no regressions. Change-Id: I30261a4bd880f5c4f3d90d1686a6267f60bdd413
-
- Nov 03, 2015
-
-
Jeff Vander Stoep authored
Motivation: Domain is overly permissive. Start removing permissions from domain and assign them to the domain_deprecated attribute. Domain_deprecated and domain can initially be assigned to all domains. The goal is to not assign domain_deprecated to new domains and to start removing domain_deprecated where it is not required or reassigning the appropriate permissions to the inheriting domain when necessary. Bug: 25433265 Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
-
- May 20, 2015
-
-
Jim Miller authored
Change-Id: Ibcb714248c28abf21272986facaade376dcbd7ef
-
