public · a194d3757aae59ac59ee62a3b2a6d60be48b4cbb · CodeLinaro / public-release-test / platform / system / sepolicy

An error occurred while fetching folder content.

Nick Kralevich authored 6 years ago

1b1d133b added the process2 class but
forgot to suppress SELinux denials associated with these permissions
for the su domain. Suppress them.

Ensure xdp_socket is in socket_class_set, so the existing dontaudit rule
in su.te is relevant. Inspired by
https://github.com/SELinuxProject/refpolicy/commit/66a337eec6d7244e44e51936835b4e904f275a02

Add xdp_socket to various other neverallow rules.

Test: policy compiles.
Change-Id: If5422ecfa0cc864a51dd69559a51d759e078c8e7

a194d375

Name	Last commit	Last update
..
adbd.te
apexd.te
app.te
asan_extract.te
attributes
audioserver.te
blkid.te
blkid_untrusted.te
bluetooth.te
bootanim.te
bootstat.te
bufferhubd.te
cameraserver.te
charger.te
clatd.te
cppreopts.te
crash_dump.te
device.te
dex2oat.te
dhcp.te
display_service_server.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
e2fs.te
ephemeral_app.te
fastbootd.te
file.te
fingerprintd.te
flags_heatlh_check.te
fsck.te
fsck_untrusted.te
fwk_bufferhub.te
gatekeeperd.te
global_macros
hal_allocator.te
hal_atrace.te
hal_audio.te
hal_audiocontrol.te
hal_authsecret.te
hal_bluetooth.te
hal_bootctl.te
hal_broadcastradio.te
hal_camera.te
hal_cas.te
hal_configstore.te
hal_confirmationui.te
hal_contexthub.te
hal_drm.te
hal_dumpstate.te
hal_evs.te
hal_fingerprint.te
hal_gatekeeper.te
hal_gnss.te
hal_graphics_allocator.te
hal_graphics_composer.te
hal_health.te
hal_health_storage.te
hal_ir.te
hal_keymaster.te
hal_light.te
hal_lowpan.te
hal_memtrack.te
hal_neuralnetworks.te
hal_neverallows.te
hal_nfc.te
hal_oemlock.te
hal_omx.te
hal_power.te
hal_secure_element.te
hal_sensors.te
hal_system_suspend.te
hal_telephony.te
hal_tetheroffload.te
hal_thermal.te
hal_tv_cec.te
hal_tv_input.te
hal_usb.te
hal_usb_gadget.te
hal_vehicle.te
hal_vibrator.te
hal_vr.te
hal_weaver.te
hal_wifi.te
hal_wifi_hostapd.te
hal_wifi_offload.te
hal_wifi_supplicant.te
healthd.te
heapprofd.te
hwservice.te
hwservicemanager.te
idmap.te
incident.te
incident_helper.te
incidentd.te
init.te
inputflinger.te
install_recovery.te
installd.te