Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_sepolicy / 5c1fe61eaa20d1a47a148e3318229a47e616c834
commit5c1fe61eaa20d1a47a148e3318229a47e616c834[log] [tgz]
authorTri Vo <trong@google.com>Sat Aug 11 15:34:49 2018 -0700
committerTri Vo <trong@google.com>Thu Sep 20 03:07:50 2018 +0000
treef112dcda7bc0aba4318178aa8ff6de87167f24da
parent342362ae3e1afa577a73dc7f154a9de7da96edc4 [diff]
More granular vendor access to /system files.

This change limits global access to /system files down to:
/system/bin/linker*
/system/lib[64]/*
/system/etc/ld.config*
/system/etc/seccomp_policy/*
/system/etc/security/cacerts/*
/system/usr/share/zoneinfo/*

Bug: 111243627
Test: boot device, browse internet without denials to system_* types.
Test: VtsHalDrmV1_{1, 0}TargetTest without denials
Change-Id: I69894b29733979c2bc944ac80229e84de5d519f4
11 files changed
tree: f112dcda7bc0aba4318178aa8ff6de87167f24da
  1. build/
  2. prebuilts/
  3. private/
  4. public/
  5. reqd_mask/
  6. tests/
  7. tools/
  8. vendor/
  9. Android.bp
  10. Android.mk
  11. CleanSpec.mk
  12. definitions.mk
  13. MODULE_LICENSE_PUBLIC_DOMAIN
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg
  17. README
  18. treble_sepolicy_tests_for_release.mk