- Feb 06, 2017
-
-
Chad Brubaker authored
The rules for the two types were the same and /data/app-ephemeral is being removed. Remove these types. Test: Builds Change-Id: I520c026395551ad1362dd2ced53c601d9e6f9b28
-
- Jan 19, 2017
-
-
Chad Brubaker authored
Ephemeral apps cannot open files from external storage, but can be given access to files via the file picker. Test: ACTION_OPEN_DOCUMENTS from an ephemeral app returns a readable fd. Change-Id: Ie21b64a9633eff258be254b9cd86f282db1509e8
-
Chad Brubaker authored
Ephemeral apps are still apps with very similar capabilities, it makes more sense to have them under appdomain and benefit from the shared state (and all the neverallow rules) than to try and dupplicate them and keep them in sync. This is an initial move, there are parts of ephemeral_app that still need to be locked down further and some parts of appdomain that should be pushed down into the various app domains. Test: Builds, ephemeral apps work without denials. Change-Id: I1526b2c2aa783a91fbf6543ac7f6d0d9906d70af
-
- Jan 09, 2017
-
-
Alex Klyubin authored
This leaves only the existence of ephemeral_app domain as public API. All other rules are implementation details of this domain's policy and are thus now private. There are a few rules, defined by other domains' files remaining in the public policy until the rules from these domains also move to the private policy: allow ephemeral_app_current appdomain:binder transfer; allow ephemeral_app_current audioserver_current:binder transfer; allow ephemeral_app_current drmserver_current:binder transfer; allow ephemeral_app_current dumpstate_current:binder transfer; allow ephemeral_app_current mediaserver_current:binder transfer; allow ephemeral_app_current surfaceflinger_current:binder transfer; allow ephemeral_app_current system_server_current:binder transfer; Test: No change to policy according to sesearch, except for disappearance of all allow rules from platform_app_current attribute (as expected). Bug: 31364497 Change-Id: I98687181434a98a141469ef676c461fcd1db2d4e
-
- Dec 06, 2016
-
-
dcashman authored
In order to support platform changes without simultaneous updates from non-platform components, the platform and non-platform policies must be split. In order to provide a guarantee that policy written for non-platform objects continues to provide the same access, all types exposed to non-platform policy are versioned by converting them and the policy using them into attributes. This change performs that split, the subsequent versioning and also generates a mapping file to glue the different policy components together. Test: Device boots and runs. Bug: 31369363 Change-Id: Ibfd3eb077bd9b8e2ff3b2e6a0ca87e44d78b1317
-
- Oct 07, 2016
-
-
Chad Brubaker authored
Test: Builds and boots Change-Id: I3db64e12f0390c6940f5745eae83ce7efa7d65a9
-
- Oct 06, 2016
-
-
dcashman authored
Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
-