Merge changes from topic 'fix-neverallow-violation' into oc-dev
* changes: build: run neverallow checks on platform sepolicy radio: disalllow radio and rild socket for treble devices
This commit is contained in:
commit
3692b3189e
@ -329,7 +329,7 @@ $(LOCAL_BUILT_MODULE): $(plat_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
|
||||
@mkdir -p $(dir $@)
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c $(POLICYVERS) -o $@ $<
|
||||
$(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -N -c $(POLICYVERS) $@ -o /dev/null -f /dev/null
|
||||
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -c $(POLICYVERS) $@ -o /dev/null -f /dev/null
|
||||
|
||||
built_plat_cil := $(LOCAL_BUILT_MODULE)
|
||||
plat_policy.conf :=
|
||||
|
@ -5,9 +5,8 @@ net_domain(radio)
|
||||
bluetooth_domain(radio)
|
||||
binder_service(radio)
|
||||
|
||||
# TODO(b/36613472): Remove this once radio no longer communicates with rild over sockets.
|
||||
# Talks to rild via the rild socket.
|
||||
unix_socket_connect(radio, rild, rild)
|
||||
# Talks to rild via the rild socket only for devices without full treble
|
||||
not_full_treble(`unix_socket_connect(radio, rild, rild)')
|
||||
|
||||
# Data file accesses.
|
||||
allow radio radio_data_file:dir create_dir_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user