Skip to content
Snippets Groups Projects
Select Git revision
  • test default
1 result
Compare History
user avatar
sepolicy: Define validate_trans permission
Stephen Smalley authored 
Kernel commit f9df6458218f4fe ("selinux: export validatetrans
decisions") introduced a /sys/fs/selinux/validatetrans pseudo file
for use by userspace file system servers and defined a new validatetrans
permission to control its use.

Define the new permission in the Android SELinux policy.
This change only defines the new permission; it does not allow it
to any domains by default.

This avoids a kernel message warning about the undefined permission on
the policy load, ala:
SELinux:  Permission validate_trans in class security not defined in policy.

Test: Policy builds

Change-Id: Ib922a83b7d8f94905207663a72f7a1bc3db8d2c2
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
50992311
Name Last commit Last update
..
access_vectors
adbd.te
app.te
app_neverallows.te
atrace.te
audioserver.te
binder_in_vendor_violators.te
binderservicedomain.te
blkid.te
blkid_untrusted.te
bluetooth.te
bluetoothdomain.te
bootanim.te
bootstat.te
bufferhubd.te
cameraserver.te
charger.te
clatd.te
cppreopts.te
crash_dump.te
dex2oat.te
dexoptanalyzer.te
dhcp.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
ephemeral_app.te
file.te
file_contexts
file_contexts_asan
fingerprintd.te
fs_use
fsck.te
fsck_untrusted.te
gatekeeperd.te
genfs_contexts
hal_allocator_default.te
halclientdomain.te
halserverdomain.te
healthd.te
hostapd.te
hwservicemanager.te
idmap.te
incident.te
incidentd.te
init.te
initial_sid_contexts
initial_sids
inputflinger.te
install_recovery.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
lmkd.te
logd.te
logpersist.te
mac_permissions.xml
mdnsd.te
mediacodec.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaprovider.te
mediaserver.te
mls
mls_decl
mls_macros
modprobe.te
mtp.te
net.te
netd.te
nfc.te
otapreopt_chroot.te
otapreopt_slot.te
performanced.te
perfprofd.te
platform_app.te
policy_capabilities
port_contexts
postinstall.te
postinstall_dexopt.te
ppp.te
preopt2cachename.te
priv_app.te
profman.te
property_contexts
racoon.te
radio.te
recovery.te
recovery_persist.te
recovery_refresh.te
roles_decl
runas.te
sdcardd.te
seapp_contexts
security_classes
sensord.te