f5446eb148
On PRODUCT_FULL_TREBLE devices, non-vendor domains (except vendor apps) are not permitted to use Binder. This commit thus: * groups non-vendor domains using the new "coredomain" attribute, * adds neverallow rules restricting Binder use to coredomain and appdomain only, and * temporarily exempts the domains which are currently violating this rule from this restriction. These domains are grouped using the new "binder_in_vendor_violators" attribute. The attribute is needed because the types corresponding to violators are not exposed to the public policy where the neverallow rules are. Test: mmm system/sepolicy Test: Device boots, no new denials Test: In Chrome, navigate to ip6.me, play a YouTube video Test: YouTube: play a video Test: Netflix: play a movie Test: Google Camera: take a photo, take an HDR+ photo, record video with sound, record slow motion video with sound. Confirm videos play back fine and with sound. Bug: 35870313 Change-Id: I0cd1a80b60bcbde358ce0f7a47b90f4435a45c95 |
||
---|---|---|
.. | ||
file_contexts | ||
hal_audio_default.te | ||
hal_bluetooth_default.te | ||
hal_bootctl_default.te | ||
hal_camera_default.te | ||
hal_configstore_default.te | ||
hal_contexthub_default.te | ||
hal_drm_default.te | ||
hal_dumpstate_default.te | ||
hal_fingerprint_default.te | ||
hal_gatekeeper_default.te | ||
hal_gnss_default.te | ||
hal_graphics_allocator_default.te | ||
hal_graphics_composer_default.te | ||
hal_health_default.te | ||
hal_ir_default.te | ||
hal_keymaster_default.te | ||
hal_light_default.te | ||
hal_memtrack_default.te | ||
hal_nfc_default.te | ||
hal_power_default.te | ||
hal_sensors_default.te | ||
hal_thermal_default.te | ||
hal_usb_default.te | ||
hal_vibrator_default.te | ||
hal_vr_default.te | ||
hal_wifi_default.te | ||
hal_wifi_supplicant_default.te | ||
rild.te | ||
vndservicemanager.te |