Google Git
Sign in
android / device / google / marlin / e64a9f70a6147bb4ff55ca3f65c23fb1ae7224ab
commite64a9f70a6147bb4ff55ca3f65c23fb1ae7224ab[log] [tgz]
authorAlex Klyubin <klyubin@google.com>Fri Mar 24 16:07:20 2017 -0700
committerAlex Klyubin <klyubin@google.com>Mon Mar 27 08:45:18 2017 -0700
tree0982ea32c0e40dc6a136b9fa6d79afe10460b044
parentdcc3ab2571aeefffbf164f21331708bb75922973 [diff]
Annotate violators of "no sockets between core and vendor" rule

These vendor domains use communicate with core domains over sockets,
which is not permitted. This commit thus temporarily associates these
domains with socket_between_core_and_vendor_violators attribute which
permits this banned behavior to continue for now. This is a temporary
workaround. The fix is to fix these domains to not communicate with
core domains over sockets.

NOTE: Some of the domains on the list are there for a benign reason:
passthrough HALs. Core domains which host passthrough HAL
implementations may initiate socket connections to vendor domains and
this is completely permitted. I could've whitelisted all HAL client
domains in the neverallow rules (using halclientdomain attribute) but
this increases the risk of not noticing banned communications from
these domains. Thus, as a workaround until we stop using passthrough
HALs (b/34274385), I added the affected vendor domains to the list of
exemptions.

Test: mmm system/sepolicy
Bug: 36577153
Change-Id: I525a60e571141117e105e96b2b7e28aed791d56f
12 files changed
tree: 0982ea32c0e40dc6a136b9fa6d79afe10460b044
  1. bluetooth/
  2. camera/
  3. common/
  4. dataservices/
  5. dumpstate/
  6. factory-images_marlin/
  7. factory-images_sailfish/
  8. kernel-headers/
  9. libandroid/
  10. liblight/
  11. marlin/
  12. nfc/
  13. original-kernel-headers/
  14. overlay/
  15. power/
  16. radio/
  17. recovery/
  18. sailfish/
  19. seccomp_policy/
  20. self-extractors/
  21. self-extractors_sailfish/
  22. sensorhal/
  23. sepolicy/
  24. telephony/
  25. thermal/
  26. thermal-engine/
  27. time-services/
  28. usb/
  29. vibrator/
  30. voice_processing/
  31. vr/
  32. aanc_tuning_mixer.txt
  33. Android.bp
  34. Android.mk
  35. AndroidProducts.mk
  36. aosp_marlin.mk
  37. aosp_marlin_svelte.mk
  38. aosp_sailfish.mk
  39. apns-full-conf.xml
  40. audio_effects.conf
  41. audio_output_policy.conf
  42. audio_platform_info.xml
  43. audio_platform_info_tasha_t50.xml
  44. audio_policy_configuration.xml
  45. audio_policy_volumes_drc.xml
  46. charger.fstab.qcom
  47. CleanSpec.mk
  48. default-permissions.xml
  49. device-common.mk
  50. device-marlin.mk
  51. device-sailfish.mk
  52. egl.cfg
  53. fstab.aosp_common
  54. fstab.aosp_svelte
  55. fstab.common
  56. gpio-keys.kl
  57. gps.conf
  58. init.common.diag.rc.user
  59. init.common.diag.rc.userdebug
  60. init.common.nanohub.rc
  61. init.common.rc
  62. init.common.usb.rc
  63. init.foreground.sh
  64. init.mid.sh
  65. init.power.sh
  66. init.qcom.devstart.sh
  67. init.qcom.devwait.sh
  68. init.qcom.qseecomd.sh
  69. init.radio.sh
  70. init.recovery.common.rc
  71. manifest.xml
  72. media_codecs.xml
  73. media_codecs_performance.xml
  74. media_profiles.xml
  75. mixer_paths.xml
  76. mixer_paths_tasha_t50.xml
  77. msm_irqbalance.conf
  78. p2p_supplicant_overlay.conf
  79. preloads_copy.sh
  80. qpnp_pon.kl
  81. recovery.wipe.common
  82. sec_config
  83. sound_trigger_mixer_paths.xml
  84. sound_trigger_mixer_paths_tasha_t50.xml
  85. sound_trigger_platform_info.xml
  86. spn-conf.xml
  87. synaptics_dsx.kl
  88. synaptics_dsxv26.idc
  89. synaptics_rmi4_i2c.kl
  90. system.prop
  91. thermal-engine-marlin-vr.conf
  92. thermal-engine-marlin.conf
  93. ueventd.common.rc
  94. uinput-fpc.idc
  95. uinput-fpc.kl
  96. vendorsetup.sh
  97. vold.fstab
  98. WCNSS_cfg.dat
  99. WCNSS_qcom_cfg.ini
  100. WCNSS_qcom_wlan_nv.bin
  101. wpa_supplicant_overlay.conf
  102. wpa_supplicant_wcn.conf