android_system_sepolicy

Author SHA1 Message Date

Author	SHA1	Message	Date
Andreas Gampe	59d5d90da8	Sepolicy: Allow everyone to search keyrings Allow everyone to look for keys in the fsverity keyring. This is required to access fsverity-protected files, at all. This set of permissions is analogous to allowances for the fscrypt keyring and keys. Bug: 125474642 Test: m Test: manual Change-Id: I6e8c13272cdd76d9940d950e9dabecdb210691b1	2019-03-14 13:21:07 -07:00
Andreas Gampe	6cd179f992	Sepolicy: Fix APEX boot integrity Update copy-paste comment header. Fix file access to the right type. Follow-up to commit `1845b406fc`. Bug 125474642 Test: m Test: boot Change-Id: I33bfef51c78ca581063c0f950e1837546d013050	2019-03-13 13:38:31 -07:00
Andreas Gampe	1845b406fc	Sepolicy: ART APEX boot integrity Add ART boot integrity check domain. Give it rights to run fsverity and delete boot classpath artifacts. Bug 125474642 Test: m Test: boot Change-Id: I933add9b1895ed85c43ec712ced6ffe8f820c7ec	2019-03-12 22:26:17 -07:00

Andreas Gampe

59d5d90da8

Sepolicy: Allow everyone to search keyrings

Allow everyone to look for keys in the fsverity keyring. This is
required to access fsverity-protected files, at all.

This set of permissions is analogous to allowances for the fscrypt
keyring and keys.

Bug: 125474642
Test: m
Test: manual
Change-Id: I6e8c13272cdd76d9940d950e9dabecdb210691b1

2019-03-14 13:21:07 -07:00

Andreas Gampe

6cd179f992

Sepolicy: Fix APEX boot integrity

Update copy-paste comment header. Fix file access to the right
type.

Follow-up to commit 1845b406fc.

Bug 125474642
Test: m
Test: boot

Change-Id: I33bfef51c78ca581063c0f950e1837546d013050

2019-03-13 13:38:31 -07:00

Andreas Gampe

1845b406fc

Sepolicy: ART APEX boot integrity

Add ART boot integrity check domain. Give it rights to run
fsverity and delete boot classpath artifacts.

Bug 125474642
Test: m
Test: boot
Change-Id: I933add9b1895ed85c43ec712ced6ffe8f820c7ec

2019-03-12 22:26:17 -07:00

3 Commits