PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c27c23fbdb
android_system_sepolicy/private
History
Max c27c23fbdb /dev/port does not seem to be used, adding in rules to confirm. 
Only init and ueventd have any access to /dev/port, and neither should
have any use for it. As it stands, leaving port in just represents
additional attack surface with no useful functionality, so it should be
removed if possible, not only from Pixel devices, but from all Android
devices.

Test: The phone boots successfully

Bug:33301618
Change-Id: Iedc51590f1ffda02444587d647889ead9bdece3f
2016-12-04 16:46:11 -08:00
..
access_vectors access_vectors: Remove unused permission definitions 2016-11-21 23:41:18 +00:00
adbd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
atrace.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
audioserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bluetooth.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bootanim.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bootstat.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
cameraserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
cppreopts.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
debuggerd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
dhcp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
drmserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
dumpstate.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ephemeral_app.te Rename autoplay_app to ephemeral_app 2016-10-07 09:52:31 -07:00
file_contexts /dev/port does not seem to be used, adding in rules to confirm. 2016-12-04 16:46:11 -08:00
file_contexts_asan Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fingerprintd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fs_use Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fsck.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
gatekeeperd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
genfs_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hal_audio.te clean up hal types 2016-10-26 09:50:04 -07:00
hal_boot.te sepolicy for boot_control HAL service 2016-10-25 13:33:48 -07:00
hal_graphics_allocator.te Add sepolicy for gralloc-alloc HAL 2016-11-14 01:09:51 +00:00
hal_graphics_composer.te Add sepolicy for hwcomposer HAL 2016-11-14 01:10:02 +00:00
hal_light_default.te Move hal_light to attribute. 2016-11-18 08:40:04 -08:00
hal_memtrack.te hal_memtrack: Add sepolicy for memtrack service. 2016-11-03 13:05:48 -07:00
hal_nfc.te clean up hal types 2016-10-26 09:50:04 -07:00
hal_power.te hal_power: Add sepolicy for power service. 2016-11-03 13:01:48 -07:00
hal_thermal.te sepolicy: Add policy for thermal HIDL service 2016-11-08 13:34:31 +01:00
hal_vibrator.te clean up hal types 2016-10-26 09:50:04 -07:00
hal_vr.te clean up hal types 2016-10-26 09:50:04 -07:00
hal_wifi.te wifi_hal: Rename to 'hal_wifi' 2016-10-28 09:00:31 -07:00
hci_attach.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hostapd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hwservicemanager.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
init.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
initial_sid_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
initial_sids Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
inputflinger.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
install_recovery.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
installd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
kernel.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
keys.conf Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
keystore.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
lmkd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
logd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mac_permissions.xml Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mdnsd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediaanalytics.te Allow access to mediaanalytics service 2016-12-03 00:06:20 +00:00
mediacodec.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediadrmserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediaextractor.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediaserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mls Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mls_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mtp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
netd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
otapreopt_chroot.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
otapreopt_slot.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
perfprofd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
policy_capabilities Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
port_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall_dexopt.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ppp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
property_contexts property.te: delete security_prop 2016-11-11 12:31:19 -08:00
racoon.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
recovery_persist.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
recovery_refresh.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
rild.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
roles Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
runas.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
sdcardd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
seapp_contexts Rename autoplay_app to ephemeral_app 2016-10-07 09:52:31 -07:00
security_classes Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
service_contexts Allow access to mediaanalytics service 2016-12-03 00:06:20 +00:00
servicemanager.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
su.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
surfaceflinger.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
system_server.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
tee.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
toolbox.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
tzdatacheck.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ueventd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
uncrypt.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_engine_common.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_engine.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_verifier.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
users Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vdc.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vold.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
webview_zygote.te Add the "webview_zygote" domain. 2016-11-11 10:13:17 -05:00
wificond.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
wpa.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
zygote.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00