Grant for icmp_socket for devices with 4.14 or greater kernel, and
rawip_socket for devices with earlier kernels.
Bug: 122572608
Test: build
Change-Id: I1c9d2ce6761dbd2c4db3635600c5f5c335461083
Vendor domains may use net_domain() so it should be moved to public
policy. This will allow removal of permissions such as rawip_socket
in future releases without breaking Treble compatiblity.
Bug: 122572608
Test: build
Change-Id: Id84feb11587d305334cd9dbbc6e4f6f71ffff6f2
This leaves only the existence of netdomain attribute as public API.
All other rules are implementation details of this attribute's policy
and are thus now private.
Test: No change to policy according to sesearch, except for
disappearance of all allow rules to do with netdomain_current
and *_current attributes targeted when netdomain rules reference
public types.
Bug: 31364497
Change-Id: I102e649374681ce1dd9e1e5ccbaaa5cb754e00a0
Divide policy into public and private components. This is the first
step in splitting the policy creation for platform and non-platform
policies. The policy in the public directory will be exported for use
in non-platform policy creation. Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.
Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal. For now, almost all types and
avrules are left in public.
Test: Tested by building policy and running on device.
Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
