Google Git
Sign in
android / platform / external / sepolicy / f2c4e1283e91f7a91963d1d68a27f515027d97b4
commitf2c4e1283e91f7a91963d1d68a27f515027d97b4[log] [tgz]
authorNick Kralevich <nnk@google.com>Tue Jul 14 11:46:30 2015 -0700
committerNick Kralevich <nnk@google.com>Tue Jul 14 13:06:12 2015 -0700
treec4a671005e277bc734ca3a9f27d857705590954b
parent10a3a36a6e9009664ecdb9a9d98100a897912469 [diff]
neverallow service_manager / service_manager_type

Init never uses / add service manager services. It doesn't make
sense to allow these rules to init. Adding a rule of this type
is typically caused by a process inappropriately running in init's
SELinux domain, and the warning message:

  Warning!  Service %s needs a SELinux domain defined; please fix!

is ignored.

In addition, add neverallow rules to domain.te which prevent
nonsense SELinux service_manager rules from being added.

Change-Id: Id04a50d1826fe451a9ed216aa7ab249d0393cc57
2 files changed
tree: c4a671005e277bc734ca3a9f27d857705590954b
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. blkid.te
  9. blkid_untrusted.te
  10. bluetooth.te
  11. bootanim.te
  12. clatd.te
  13. debuggerd.te
  14. device.te
  15. dex2oat.te
  16. dhcp.te
  17. dnsmasq.te
  18. domain.te
  19. drmserver.te
  20. dumpstate.te
  21. file.te
  22. file_contexts
  23. file_contexts_asan
  24. fs_use
  25. fsck.te
  26. fsck_untrusted.te
  27. gatekeeperd.te
  28. genfs_contexts
  29. global_macros
  30. gpsd.te
  31. hci_attach.te
  32. healthd.te
  33. hostapd.te
  34. idmap.te
  35. init.te
  36. initial_sid_contexts
  37. initial_sids
  38. inputflinger.te
  39. install_recovery.te
  40. installd.te
  41. isolated_app.te
  42. kernel.te
  43. keys.conf
  44. keystore.te
  45. lmkd.te
  46. logd.te
  47. mac_permissions.xml
  48. mdnsd.te
  49. mediaserver.te
  50. mls
  51. mls_macros
  52. MODULE_LICENSE_PUBLIC_DOMAIN
  53. mtp.te
  54. net.te
  55. netd.te
  56. neverallow_macros
  57. nfc.te
  58. NOTICE
  59. perfprofd.te
  60. platform_app.te
  61. policy_capabilities
  62. port_contexts
  63. ppp.te
  64. procrank.te
  65. property.te
  66. property_contexts
  67. racoon.te
  68. radio.te
  69. README
  70. recovery.te
  71. rild.te
  72. roles
  73. runas.te
  74. sdcardd.te
  75. seapp_contexts
  76. security_classes
  77. service.te
  78. service_contexts
  79. servicemanager.te
  80. sgdisk.te
  81. shared_relro.te
  82. shell.te
  83. slideshow.te
  84. su.te
  85. surfaceflinger.te
  86. system_app.te
  87. system_server.te
  88. te_macros
  89. tee.te
  90. toolbox.te
  91. tzdatacheck.te
  92. ueventd.te
  93. uncrypt.te
  94. untrusted_app.te
  95. users
  96. vdc.te
  97. vold.te
  98. watchdogd.te
  99. wpa.te
  100. zygote.te