Merge "Use prefixes for binder cache SELinux properties." am: 749e119053
Change-Id: Id67aea768d7f86a2cd409fd99dd25d0bbec8bb5f
This commit is contained in:
commit
403c7c3a57
@ -22,6 +22,7 @@
|
|||||||
blob_store_service
|
blob_store_service
|
||||||
binder_cache_bluetooth_server_prop
|
binder_cache_bluetooth_server_prop
|
||||||
binder_cache_system_server_prop
|
binder_cache_system_server_prop
|
||||||
|
binder_cache_telephony_server_prop
|
||||||
binderfs
|
binderfs
|
||||||
binderfs_logs
|
binderfs_logs
|
||||||
binderfs_logs_proc
|
binderfs_logs_proc
|
||||||
|
@ -15,3 +15,8 @@ allow radio uce_service:service_manager find;
|
|||||||
# Manage /data/misc/emergencynumberdb
|
# Manage /data/misc/emergencynumberdb
|
||||||
allow radio emergency_data_file:dir r_dir_perms;
|
allow radio emergency_data_file:dir r_dir_perms;
|
||||||
allow radio emergency_data_file:file r_file_perms;
|
allow radio emergency_data_file:file r_file_perms;
|
||||||
|
|
||||||
|
# allow telephony to access related cache properties
|
||||||
|
set_prop(radio, binder_cache_telephony_server_prop);
|
||||||
|
neverallow { domain -radio -init }
|
||||||
|
binder_cache_telephony_server_prop:property_service set;
|
||||||
|
@ -112,6 +112,7 @@ get_prop(domain, vndk_prop)
|
|||||||
# Binder cache properties are world-readable
|
# Binder cache properties are world-readable
|
||||||
get_prop(domain, binder_cache_bluetooth_server_prop)
|
get_prop(domain, binder_cache_bluetooth_server_prop)
|
||||||
get_prop(domain, binder_cache_system_server_prop)
|
get_prop(domain, binder_cache_system_server_prop)
|
||||||
|
get_prop(domain, binder_cache_telephony_server_prop)
|
||||||
|
|
||||||
# Let everyone read log properties, so that liblog can avoid sending unloggable
|
# Let everyone read log properties, so that liblog can avoid sending unloggable
|
||||||
# messages to logd.
|
# messages to logd.
|
||||||
|
@ -66,6 +66,7 @@ compatible_property_only(`
|
|||||||
# Properties used by binder caches
|
# Properties used by binder caches
|
||||||
system_restricted_prop(binder_cache_bluetooth_server_prop)
|
system_restricted_prop(binder_cache_bluetooth_server_prop)
|
||||||
system_restricted_prop(binder_cache_system_server_prop)
|
system_restricted_prop(binder_cache_system_server_prop)
|
||||||
|
system_restricted_prop(binder_cache_telephony_server_prop)
|
||||||
system_restricted_prop(bq_config_prop)
|
system_restricted_prop(bq_config_prop)
|
||||||
system_restricted_prop(module_sdkextensions_prop)
|
system_restricted_prop(module_sdkextensions_prop)
|
||||||
system_restricted_prop(nnapi_ext_deny_product_prop)
|
system_restricted_prop(nnapi_ext_deny_product_prop)
|
||||||
|
@ -439,10 +439,6 @@ ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 ex
|
|||||||
# Binder cache properties. These are world-readable
|
# Binder cache properties. These are world-readable
|
||||||
cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
|
cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
|
||||||
cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
|
cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
|
||||||
cache_key.bluetooth.get_bond_state u:object_r:binder_cache_bluetooth_server_prop:s0
|
|
||||||
cache_key.bluetooth.get_profile_connection_state u:object_r:binder_cache_bluetooth_server_prop:s0
|
|
||||||
cache_key.bluetooth.get_state u:object_r:binder_cache_bluetooth_server_prop:s0
|
|
||||||
cache_key.bluetooth.is_offloaded_filtering_supported u:object_r:binder_cache_bluetooth_server_prop:s0
|
|
||||||
cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0
|
cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0
|
||||||
cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
|
cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
|
||||||
cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0
|
cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0
|
||||||
@ -452,3 +448,7 @@ cache_key.volume_list u:object_r:binder_cache_system_server_p
|
|||||||
cache_key.display_info u:object_r:binder_cache_system_server_prop:s0
|
cache_key.display_info u:object_r:binder_cache_system_server_prop:s0
|
||||||
cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0
|
cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0
|
||||||
cache_key.package_info u:object_r:binder_cache_system_server_prop:s0
|
cache_key.package_info u:object_r:binder_cache_system_server_prop:s0
|
||||||
|
|
||||||
|
cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
|
||||||
|
cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string
|
||||||
|
cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string
|
||||||
|
Loading…
Reference in New Issue
Block a user