Google Git
Sign in
android / platform / external / sepolicy / 3bb1ccc265bbc6e865506b38ae66721ec1177b55
commit3bb1ccc265bbc6e865506b38ae66721ec1177b55[log] [tgz]
authorGeremy Condra <gcondra@google.com>Mon Sep 16 14:53:41 2013 -0700
committerGeremy Condra <gcondra@google.com>Tue Sep 17 11:28:47 2013 -0700
tree219fffd16a9acaf16108d5453169b8b5cd4e1121
parent13a74a3aea0387ff45f27291a9abca46952b9aa3 [diff]
Fix long-tail denials in enforcing domains.

The specific denials we see are:

denied  { getattr } for  pid=169 comm=""installd"" path=""/data/data/com.android.providers.downloads/cache/downloadfile.jpeg"" dev=""mmcblk0p23"" ino=602861 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=file
denied  { fsetid } for  pid=598 comm=""netd"" capability=4  scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability
denied  { read } for  pid=209 comm=""installd"" name=""cache"" dev=""mmcblk0p28"" ino=81694 scontext=u:r:installd:s0 tcontext=u:object_r:download_file:s0 tclass=dir

Bug: 10786017
Change-Id: Ia5d0b6337f3de6a168ac0d5a77df2a1ac419ec29
2 files changed
tree: 219fffd16a9acaf16108d5453169b8b5cd4e1121
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. bluetooth.te
  8. bluetoothd.te
  9. clatd.te
  10. dbusd.te
  11. debuggerd.te
  12. device.te
  13. dhcp.te
  14. dnsmasq.te
  15. domain.te
  16. drmserver.te
  17. file.te
  18. file_contexts
  19. fs_use
  20. genfs_contexts
  21. global_macros
  22. gpsd.te
  23. hci_attach.te
  24. healthd.te
  25. hostapd.te
  26. init.te
  27. init_shell.te
  28. initial_sid_contexts
  29. initial_sids
  30. installd.te
  31. isolated_app.te
  32. kernel.te
  33. keys.conf
  34. keystore.te
  35. mac_permissions.xml
  36. media_app.te
  37. mediaserver.te
  38. mls
  39. mls_macros
  40. mtp.te
  41. net.te
  42. netd.te
  43. nfc.te
  44. NOTICE
  45. ping.te
  46. platform_app.te
  47. policy_capabilities
  48. port_contexts
  49. ppp.te
  50. property.te
  51. property_contexts
  52. qemud.te
  53. racoon.te
  54. radio.te
  55. README
  56. release_app.te
  57. rild.te
  58. roles
  59. runas.te
  60. sdcardd.te
  61. seapp_contexts
  62. security_classes
  63. selinux-network.sh
  64. servicemanager.te
  65. shared_app.te
  66. shell.te
  67. su.te
  68. su_user.te
  69. surfaceflinger.te
  70. system.te
  71. te_macros
  72. tee.te
  73. ueventd.te
  74. unconfined.te
  75. untrusted_app.te
  76. users
  77. vold.te
  78. watchdogd.te
  79. wpa_supplicant.te
  80. zygote.te