Merge changes from topic 'fix-neverallow-violation' into oc-dev

* changes: build: run neverallow checks on platform sepolicy radio: disalllow radio and rild socket for treble devices
2017-06-16 17:14:29 +00:00 · 2017-06-16 17:14:29 +00:00 · 3692b3189e
commit 3692b3189e
parent e9381d5e01 cfb6f35231
2 changed files with 3 additions and 4 deletions
--- a/Android.mk
+++ b/Android.mk
@ -329,7 +329,7 @@ $(LOCAL_BUILT_MODULE): $(plat_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
 	@mkdir -p $(dir $@)
 	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c $(POLICYVERS) -o $@ $<
 	$(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
-	$(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -N -c $(POLICYVERS) $@ -o /dev/null -f /dev/null
+	$(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -c $(POLICYVERS) $@ -o /dev/null -f /dev/null

 built_plat_cil := $(LOCAL_BUILT_MODULE)
 plat_policy.conf :=
--- a/public/radio.te
+++ b/public/radio.te
@ -5,9 +5,8 @@ net_domain(radio)
 bluetooth_domain(radio)
 binder_service(radio)

-# TODO(b/36613472): Remove this once radio no longer communicates with rild over sockets.
-# Talks to rild via the rild socket.
-unix_socket_connect(radio, rild, rild)
+# Talks to rild via the rild socket only for devices without full treble
+not_full_treble(`unix_socket_connect(radio, rild, rild)')

 # Data file accesses.
 allow radio radio_data_file:dir create_dir_perms;