android_system_sepolicy

Author	SHA1	Message	Date
Andreas Gampe	15e02450f1	Sepolicy: Fix comment on apexd:fd use The file descriptors for /dev/zero are no longer open. However, a descriptor to the shell is still inherited. Update the comment. Bug: 126787589 Test: m Test: manual Change-Id: I0d4518d2ba771622ea969bbf02827db45788bc09	2019-03-15 11:26:05 -07:00
Andreas Gampe	59d5d90da8	Sepolicy: Allow everyone to search keyrings Allow everyone to look for keys in the fsverity keyring. This is required to access fsverity-protected files, at all. This set of permissions is analogous to allowances for the fscrypt keyring and keys. Bug: 125474642 Test: m Test: manual Change-Id: I6e8c13272cdd76d9940d950e9dabecdb210691b1	2019-03-14 13:21:07 -07:00
Andreas Gampe	57346a0566	Sepolicy: Add runtime APEX preinstall fsverity permissions Add rights to create and install fsverity data. Bug: 125474642 Test: m Change-Id: I752c40c7b396b2da082cb17641702a2c5c11b9c3	2019-02-28 05:12:56 -08:00
Andreas Gampe	ae127d8340	Sepolicy: Add base runtime APEX preinstall policies Add art_apex_preinstall domain that is allowed to create AoT artifacts in /data/ota. Bug: 125474642 Test: m Change-Id: Ia091d8df34c4be4f84c2052d3c333a0e36bcb036	2019-02-28 05:12:56 -08:00