Skip to content
Snippets Groups Projects
Select Git revision
  • test default
1 result
Compare History
user avatar
untrusted_app: policy versioning based on targetSdkVersion
Jeff Vander Stoep authored 
Motivation:
Provide the ability to phase in new security policies by
applying them to apps with a minimum targetSdkVersion.

Place untrusted apps with targetSdkVersion<=25 into the
untrustd_app_25 domain. Apps with targetSdkVersion>=26 are placed
into the untrusted_app domain. Common rules are included in the
untrusted_app_all attribute. Apps with a more recent targetSdkVersion
are granted fewer permissions.

Test: Marlin builds and boots. Apps targeting targetSdkVersion<=25
run in untrusted_app_25 domain. Apps targeting the current development
build >=26 run in the untrusted_app domain with fewer permissions. No
new denials observed during testing.
Bug: 34115651
Bug: 35323421
Change-Id: Ie6a015566fac07c44ea06c963c40793fcdc9a083
bacb6d79
Name Last commit Last update
..
access_vectors
adbd.te
app.te
app_neverallows.te
atrace.te
audioserver.te
binderservicedomain.te
blkid.te
blkid_untrusted.te
bluetooth.te
bluetoothdomain.te
bootanim.te
bootstat.te
bufferhubd.te
cameraserver.te
cppreopts.te
crash_dump.te
dexoptanalyzer.te
dhcp.te
domain.te
drmserver.te
dumpstate.te
ephemeral_app.te
file.te
file_contexts
file_contexts_asan
fingerprintd.te
fs_use
fsck.te
gatekeeperd.te
genfs_contexts
hal_allocator.te
hal_audio_default.te
hal_bluetooth_default.te
hal_boot.te
hal_camera_default.te
hal_configstore_default.te
hal_contexthub_default.te
hal_drm_default.te
hal_dumpstate_default.te
hal_fingerprint_default.te
hal_gatekeeper_default.te
hal_gnss_default.te
hal_graphics_allocator_default.te
hal_health_default.te
hal_ir_default.te
hal_keymaster.te
hal_light_default.te
hal_memtrack_default.te
hal_nfc_default.te
hal_power_default.te
hal_sensors_default.te
hal_thermal_default.te
hal_usb_default.te
hal_vibrator_default.te
hal_vr_default.te
hal_wifi_default.te
haldomain.te
healthd.te
hostapd.te
hwservicemanager.te
incident.te
incidentd.te
init.te
initial_sid_contexts
initial_sids
inputflinger.te
install_recovery.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
lmkd.te
logd.te
logpersist.te
mac_permissions.xml
mdnsd.te
mediacodec.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaserver.te
mls
mls_decl
mls_macros
mtp.te
net.te
netd.te
nfc.te
otapreopt_chroot.te
otapreopt_slot.te
performanced.te
perfprofd.te
platform_app.te
policy_capabilities
port_contexts
postinstall.te
postinstall_dexopt.te
ppp.te