android_system_sepolicy/private
Steven Thomas 7bec967402 Selinux changes for vr flinger vsync service
Add selinux policy for the new Binder-based vr flinger vsync service.

Bug: 72890037

Test: - Manually confirmed that I can't bind to the new vsync service
from a normal Android application, and system processes (other than
vr_hwc) are prevented from connecting by selinux.

- Confirmed the CTS test
  android.security.cts.SELinuxHostTest#testAospServiceContexts, when
  built from the local source tree with this CL applied, passes.

- Confirmed the CTS test
  android.cts.security.SELinuxNeverallowRulesTest#testNeverallowRules521,
  when built from the local source tree with this CL applied, passes.

Change-Id: Ib7a6bfcb1c2ebe1051f3accc18b481be1b188b06
2018-07-13 17:17:01 -07:00
compat
access_vectors
adbd.te
app_neverallows.te
app.te
asan_extract.te
atrace.te
audioserver.te
binder_in_vendor_violators.te
binderservicedomain.te
blank_screen.te
blkid_untrusted.te
blkid.te
bluetooth.te
bluetoothdomain.te
bootanim.te
bootstat.te
bpfloader.te
bufferhubd.te
bug_map
cameraserver.te
charger.te
clatd.te
coredomain.te
cppreopts.te
crash_dump.te
dex2oat.te
dexoptanalyzer.te
dhcp.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
ephemeral_app.te
file_contexts
file_contexts_asan
file.te
fingerprintd.te
fs_use
fsck_untrusted.te
fsck.te
gatekeeperd.te
genfs_contexts
hal_allocator_default.te
halclientdomain.te
halserverdomain.te
healthd.te
hwservice_contexts
hwservicemanager.te
idmap.te
incident_helper.te
incident.te
incidentd.te
init.te
initial_sid_contexts
initial_sids
inputflinger.te
install_recovery.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
llkd.te
lmkd.te
logd.te
logpersist.te
mac_permissions.xml
mdnsd.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaprovider.te
mediaserver.te
mls
mls_decl
mls_macros
modprobe.te
mtp.te
net.te
netd.te
netutils_wrapper.te
nfc.te
otapreopt_chroot.te
otapreopt_slot.te
perfetto.te
performanced.te
perfprofd.te
platform_app.te
policy_capabilities
port_contexts
postinstall_dexopt.te
postinstall.te
ppp.te
preopt2cachename.te
priv_app.te
profman.te
property_contexts
racoon.te
radio.te
recovery_persist.te
recovery_refresh.te
recovery.te
roles_decl
runas.te
sdcardd.te
seapp_contexts
secure_element.te
security_classes
service_contexts
service.te
servicemanager.te
sgdisk.te
shared_relro.te
shell.te
slideshow.te
stats.te
statsd.te
storaged.te
su.te
surfaceflinger.te
system_app.te
system_server.te
technical_debt.cil
thermalserviced.te
tombstoned.te
toolbox.te
traced_probes.te
traced.te
traceur_app.te
tzdatacheck.te
ueventd.te
uncrypt.te
untrusted_app_25.te
untrusted_app_27.te
untrusted_app_all.te
untrusted_app.te
untrusted_v2_app.te
update_engine_common.te
update_engine.te
update_verifier.te
usbd.te
users
vdc.te
vendor_init.te
virtual_touchpad.te
vold_prepare_subdirs.te
vold.te
vr_hwc.te
wait_for_keymaster.te
watchdogd.te
webview_zygote.te
wificond.te
wpantund.te
zygote.te