PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "NNAPI property to disable extensions use on GSI/AOSP product partition."

Browse Source 
am: d385346ada

Change-Id: I9afa8f205fca303d1451f89cff81d4e9dcfe0784
This commit is contained in:
Przemyslaw Szczepaniak 2019-04-03 02:24:15 -07:00 committed by android-build-merger
commit b97cabd363
5 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
private/compat/28.0/28.0.ignore.cil
View File

@ -99,6 +99,7 @@
network_stack
network_stack_service
network_stack_tmpfs
nnapi_ext_deny_product_prop
overlayfs_file
password_slot_metadata_file
permissionmgr_service

4
private/property_contexts
View File

@ -191,3 +191,7 @@ bpf.progs_loaded u:object_r:bpf_progs_loaded_prop:s0
gsid. u:object_r:gsid_prop:s0
ro.gsid. u:object_r:gsid_prop:s0
# Property for disabling NNAPI vendor extensions on product image (used on GSI /product image,
# which can't use NNAPI vendor extensions).
ro.nnapi.extensions.deny_on_product u:object_r:nnapi_ext_deny_product_prop:s0

8
public/hal_neuralnetworks.te
View File

@ -11,3 +11,11 @@ allow hal_neuralnetworks_server app_data_file:file { read write getattr map };
# Allow NN HAL service to use a client-provided fd residing in /data/local/tmp/.
allow hal_neuralnetworks_server shell_data_file:file { read write getattr map };
# Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product
# property to determine whether to deny NNAPI extensions use for apps
# on product partition (apps in GSI are not allowed to use NNAPI extensions).
get_prop(hal_neuralnetworks_client, nnapi_ext_deny_product_prop);
# This property is only expected to be found in /product/build.prop,
# allow to be set only by init.
neverallow { domain -init } nnapi_ext_deny_product_prop:property_service set;

1
public/property.te
View File

@ -64,6 +64,7 @@ type net_dns_prop, property_type;
type net_radio_prop, property_type, core_property_type;
type netd_stable_secret_prop, property_type;
type nfc_prop, property_type, core_property_type;
type nnapi_ext_deny_product_prop, property_type;
type overlay_prop, property_type;
type pan_result_prop, property_type, core_property_type;
type persist_debug_prop, property_type, core_property_type;

1
public/vendor_init.te
View File

@ -206,6 +206,7 @@ not_compatible_property(`
-last_boot_reason_prop
-apexd_prop
-gsid_prop
-nnapi_ext_deny_product_prop
})
')