a893edae3716b33be62edf1b5f3336e6f6bb251b - LeafOS-Project/android_system_sepolicy

commit	a893edae3716b33be62edf1b5f3336e6f6bb251b	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Mon Jun 23 12:47:16 2014 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Mon Jun 23 12:50:57 2014 -0400
tree	101454e7f1a419eef9940caeda781e799102d0ac
parent	bb75dd732bd690c9bc6017679a3630a123266161 [diff]

Remove execmod access to system_file and exec_type.

execmod is checked on attempts to make executable a file mapping
that has been modified.  Typically this indicates a text relocation
attempt.  As we do not ever allow this for any confined domain to
system_file or exec_type, we should not need it for unconfineddomain
either.

Change-Id: I8fdc858f836ae0d2aa56da2abd7797fba9c258b1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

unconfined.te[diff]

1 file changed

tree: 101454e7f1a419eef9940caeda781e799102d0ac

tools/
access_vectors
adbd.te
Android.mk
app.te
attributes
binderservicedomain.te
bluetooth.te
bootanim.te
clatd.te
debuggerd.te
device.te
dhcp.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
file.te
file_contexts
fs_use
genfs_contexts
global_macros
gpsd.te
hci_attach.te
healthd.te
hostapd.te
init.te
init_shell.te
initial_sid_contexts
initial_sids
inputflinger.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
lmkd.te
logd.te
mac_permissions.xml
mdnsd.te
mediaserver.te
mls
mls_macros
mtp.te
net.te
netd.te
nfc.te
NOTICE
platform_app.te
policy_capabilities
port_contexts
ppp.te
property.te
property_contexts
racoon.te
radio.te
README
recovery.te
rild.te
roles
runas.te
sdcardd.te
seapp_contexts
security_classes
selinux-network.sh
service.te
service_contexts
servicemanager.te
shared_relro.te
shell.te
su.te
surfaceflinger.te
system_app.te
system_server.te
te_macros
tee.te
ueventd.te
unconfined.te
uncrypt.te
untrusted_app.te
users
vdc.te
vold.te
watchdogd.te
wpa.te
zygote.te