Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_sepolicy / a194d3757aae59ac59ee62a3b2a6d60be48b4cbb
commita194d3757aae59ac59ee62a3b2a6d60be48b4cbb[log] [tgz]
authorNick Kralevich <nnk@google.com>Fri Nov 16 02:48:03 2018 -0800
committerNick Kralevich <nnk@google.com>Fri Nov 16 03:10:14 2018 -0800
treeae2fc546cba36029173cb604acf253c96835cc45
parente00ca14cbbf3256f36d145bf219879833ddccf9b [diff]
Tighten up handling of new classes

1b1d133be5350989cbd6c09e4f000e146f9ab7ae added the process2 class but
forgot to suppress SELinux denials associated with these permissions
for the su domain. Suppress them.

Ensure xdp_socket is in socket_class_set, so the existing dontaudit rule
in su.te is relevant. Inspired by
https://github.com/SELinuxProject/refpolicy/commit/66a337eec6d7244e44e51936835b4e904f275a02

Add xdp_socket to various other neverallow rules.

Test: policy compiles.
Change-Id: If5422ecfa0cc864a51dd69559a51d759e078c8e7
5 files changed
tree: ae2fc546cba36029173cb604acf253c96835cc45
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. definitions.mk
  15. MODULE_LICENSE_PUBLIC_DOMAIN
  16. NOTICE
  17. OWNERS
  18. PREUPLOAD.cfg
  19. README
  20. treble_sepolicy_tests_for_release.mk