Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_sepolicy / d99e6d5fa135882bb51878a3c68ed3a2aebe7d04
commitd99e6d5fa135882bb51878a3c68ed3a2aebe7d04[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Mon Dec 02 14:18:11 2013 -0500
committerStephen Smalley <sds@tycho.nsa.gov>Mon Dec 02 15:59:04 2013 -0500
tree1c4cc818450c8a48b30cb267f3aeb7149c7a437d
parent51ce2f00c5410574015ba751b6e03fbddf12c176 [diff]
Restrict the ability to set SELinux enforcing mode to init.

Also make su and shell permissive in non-user builds to allow
use of setenforce without violating the neverallow rule.

Change-Id: Ie76ee04e90d5a76dfaa5f56e9e3eb7e283328a3f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
8 files changed
tree: 1c4cc818450c8a48b30cb267f3aeb7149c7a437d
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. bluetooth.te
  8. clatd.te
  9. debuggerd.te
  10. device.te
  11. dhcp.te
  12. dnsmasq.te
  13. domain.te
  14. drmserver.te
  15. file.te
  16. file_contexts
  17. fs_use
  18. genfs_contexts
  19. global_macros
  20. gpsd.te
  21. hci_attach.te
  22. healthd.te
  23. hostapd.te
  24. init.te
  25. init_shell.te
  26. initial_sid_contexts
  27. initial_sids
  28. installd.te
  29. isolated_app.te
  30. kernel.te
  31. keys.conf
  32. keystore.te
  33. mac_permissions.xml
  34. media_app.te
  35. mediaserver.te
  36. mls
  37. mls_macros
  38. mtp.te
  39. net.te
  40. netd.te
  41. nfc.te
  42. NOTICE
  43. ping.te
  44. platform_app.te
  45. policy_capabilities
  46. port_contexts
  47. ppp.te
  48. property.te
  49. property_contexts
  50. qemud.te
  51. racoon.te
  52. radio.te
  53. README
  54. release_app.te
  55. rild.te
  56. roles
  57. runas.te
  58. sdcardd.te
  59. seapp_contexts
  60. security_classes
  61. selinux-network.sh
  62. servicemanager.te
  63. shared_app.te
  64. shell.te
  65. shell_user.te
  66. su.te
  67. su_user.te
  68. surfaceflinger.te
  69. system_app.te
  70. system_server.te
  71. te_macros
  72. tee.te
  73. ueventd.te
  74. unconfined.te
  75. untrusted_app.te
  76. users
  77. vold.te
  78. watchdogd.te
  79. wpa_supplicant.te
  80. zygote.te