Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_sepolicy / e207986ea08feebd04f32cd2beff0b1602d08074
commite207986ea08feebd04f32cd2beff0b1602d08074[log] [tgz]
authorAndres Morales <anmorales@google.com>Fri Apr 03 16:46:33 2015 -0700
committerAndres Morales <anmorales@google.com>Mon Apr 06 16:46:58 2015 -0700
tree60709dfa0dfdcb796141f712848b81e4f003b6fc
parentc24d90cb5991ee53842c8fddf526187767ec92ec [diff]
SELinux permissions for gatekeeper TEE proxy

sets up:
- execute permissions
- binder permission (system_server->gatekeeper->keystore)
- prevents dumpstate and shell from finding GK binder service
- neverallow rules for prohibited clients

Change-Id: I1817933a91de625db469a20c7a4c8e2ca46efa1e
7 files changed
tree: 60709dfa0dfdcb796141f712848b81e4f003b6fc
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. blkid.te
  9. blkid_untrusted.te
  10. bluetooth.te
  11. bootanim.te
  12. clatd.te
  13. debuggerd.te
  14. device.te
  15. dex2oat.te
  16. dhcp.te
  17. dnsmasq.te
  18. domain.te
  19. drmserver.te
  20. dumpstate.te
  21. file.te
  22. file_contexts
  23. fs_use
  24. fsck.te
  25. fsck_untrusted.te
  26. gatekeeperd.te
  27. genfs_contexts
  28. global_macros
  29. gpsd.te
  30. hci_attach.te
  31. healthd.te
  32. hostapd.te
  33. init.te
  34. initial_sid_contexts
  35. initial_sids
  36. inputflinger.te
  37. install_recovery.te
  38. installd.te
  39. isolated_app.te
  40. kernel.te
  41. keys.conf
  42. keystore.te
  43. lmkd.te
  44. logd.te
  45. mac_permissions.xml
  46. mdnsd.te
  47. mediaserver.te
  48. mls
  49. mls_macros
  50. mtp.te
  51. net.te
  52. netd.te
  53. neverallow_macros
  54. nfc.te
  55. NOTICE
  56. platform_app.te
  57. policy_capabilities
  58. port_contexts
  59. ppp.te
  60. procrank.te
  61. property.te
  62. property_contexts
  63. racoon.te
  64. radio.te
  65. README
  66. recovery.te
  67. rild.te
  68. roles
  69. runas.te
  70. sdcardd.te
  71. seapp_contexts
  72. security_classes
  73. service.te
  74. service_contexts
  75. servicemanager.te
  76. sgdisk.te
  77. shared_relro.te
  78. shell.te
  79. slideshow.te
  80. su.te
  81. surfaceflinger.te
  82. system_app.te
  83. system_server.te
  84. te_macros
  85. tee.te
  86. toolbox.te
  87. ueventd.te
  88. uncrypt.te
  89. untrusted_app.te
  90. users
  91. vdc.te
  92. vold.te
  93. watchdogd.te
  94. wpa.te
  95. zygote.te