private · e539570694170353ecede5843015b0565f903e6f · CodeLinaro / public-release-test / platform / system / sepolicy

Remove unnecessary rules from NFC HAL clients

Alex Klyubin authored 8 years ago

Rules in clients of NFC HAL due to the HAL running (or previously
running) in passthrough mode are now targeting hal_nfc. Domains which
are clients of NFC HAL are associated with hal_nfc only the the HAL
runs in passthrough mode. NFC HAL server domains are always associated
with hal_nfc and thus get these rules unconditionally.

This commit also moves the policy of nfc domain to private. The only
thing remaining in the public policy is the existence of this domain.
This is needed because there are references to this domain in public
and vendor policy.

Test: Open a URL in Chrome, NFC-tap Android to another Android and
      observe that the same URL is opened in a web browser on the
      destination device. Do the same reversing the roles of the two
      Androids.
Test: Install an NFC reader app, tap a passive NFC tag with the
      Android and observe that the app is displaying information about
      the tag.
Test: No SELinux denials to do with NFC before and during and after
      the above tests on sailfish, bullhead, and angler.
Bug: 34170079

Change-Id: I29fe43f63d64b286c28eb19a3a9fe4f630612226

e5395706

Name	Last commit	Last update
..
access_vectors
adbd.te
app.te
app_neverallows.te
atrace.te
audioserver.te
binderservicedomain.te
blkid.te
blkid_untrusted.te
bluetooth.te
bluetoothdomain.te
bootanim.te
bootstat.te
bufferhubd.te
cameraserver.te
cppreopts.te
dexoptanalyzer.te
dhcp.te
domain.te
drmserver.te
dumpstate.te
ephemeral_app.te
file.te
file_contexts
file_contexts_asan
fingerprintd.te
fs_use
fsck.te
gatekeeperd.te
genfs_contexts
hal_allocator_default.te
halclientdomain.te
halserverdomain.te
healthd.te
hostapd.te
hwservicemanager.te
incident.te
incidentd.te
init.te
initial_sid_contexts
initial_sids
inputflinger.te
install_recovery.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
lmkd.te
logd.te
logpersist.te
mac_permissions.xml
mdnsd.te
mediacodec.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaserver.te
mls
mls_decl
mls_macros
mtp.te
net.te
netd.te
nfc.te
otapreopt_chroot.te
otapreopt_slot.te
performanced.te
perfprofd.te
platform_app.te
policy_capabilities
port_contexts
postinstall.te
postinstall_dexopt.te
ppp.te
priv_app.te
property_contexts
racoon.te
radio.te
recovery_persist.te
recovery_refresh.te
roles_decl
runas.te
sdcardd.te
seapp_contexts
security_classes
sensord.te
service_contexts
servicemanager.te
shared_relro.te
shell.te
storaged.te
su.te
surfaceflinger.te
system_app.te
system_server.te
tee.te
tombstoned.te
toolbox.te
tzdatacheck.te