e8c9fdac46c2ae972fd9e0f97b442d59b349e718 - LeafOS-Project/android_system_sepolicy

commit	e8c9fdac46c2ae972fd9e0f97b442d59b349e718	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Thu Apr 03 08:51:38 2014 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Thu Apr 03 08:51:38 2014 -0400
tree	07b4d852471258117f0acbfa47e9aaac84042e92
parent	888d283c30784bb61d4bd10878c85634b31da1d3 [diff]

Exclude audit-related capabilities from unconfined domains.

Require them to be explicitly granted by specific allow rules.
audit_write is required to write an audit message from userspace.
audit_control is required to configure the audit subsystem.

Change-Id: I5aa4e3228f9b0bde3570689fe7a0d68e56861a17
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

unconfined.te[diff]

1 file changed

tree: 07b4d852471258117f0acbfa47e9aaac84042e92

tools/
access_vectors
adbd.te
Android.mk
app.te
attributes
binderservicedomain.te
bluetooth.te
bootanim.te
clatd.te
debuggerd.te
device.te
dhcp.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
file.te
file_contexts
fs_use
genfs_contexts
global_macros
gpsd.te
hci_attach.te
healthd.te
hostapd.te
init.te
init_shell.te
initial_sid_contexts
initial_sids
inputflinger.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
lmkd.te
logd.te
mac_permissions.xml
mdnsd.te
media_app.te
mediaserver.te
mls
mls_macros
mtp.te
net.te
netd.te
nfc.te
NOTICE
platform_app.te
platformappdomain.te
policy_capabilities
port_contexts
ppp.te
property.te
property_contexts
racoon.te
radio.te
README
recovery.te
release_app.te
rild.te
roles
runas.te
sdcardd.te
seapp_contexts
security_classes
selinux-network.sh
servicemanager.te
shared_app.te
shell.te
shelldomain.te
su.te
surfaceflinger.te
system_app.te
system_server.te
te_macros
tee.te
ueventd.te
unconfined.te
uncrypt.te
untrusted_app.te
users
vold.te
watchdogd.te
wpa.te
zygote.te