Google Git
Sign in
android / platform / external / sepolicy / bd0768cc93e6c934ccec62e521228fecddb5d61b
commitbd0768cc93e6c934ccec62e521228fecddb5d61b[log] [tgz]
authorWilliam Roberts <william.c.roberts@intel.com>Mon Feb 08 16:20:50 2016 -0800
committerNick Kralevich <nnk@google.com>Tue Feb 09 13:32:58 2016 -0800
tree6be4c74e8eeb08e8cc394b19f3b05756aef932b5
parenteebdb473079c1b0cefadf372d0139519ac1465ac [diff]
untrusted_app: confine filesystem creation to sandbox

untrusted_apps could be allowed to create/unlink files in world
accessible /data locations. These applications could create
files in a way that would need cap dac_override to remove from
the system when they are uninstalled and/or leave orphaned
data behind.

Keep untrusted_app file creation to sandbox, sdcard and media
locations.

Change-Id: Ife680cb9425dad8223651f16b9be8a3179839ec3
Signed-off-by: William Roberts <william.c.roberts@intel.com>
1 file changed
tree: 6be4c74e8eeb08e8cc394b19f3b05756aef932b5
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. atrace.te
  7. attributes
  8. binderservicedomain.te
  9. blkid.te
  10. blkid_untrusted.te
  11. bluetooth.te
  12. bluetoothdomain.te
  13. bootanim.te
  14. bootstat.te
  15. clatd.te
  16. CleanSpec.mk
  17. debuggerd.te
  18. device.te
  19. dex2oat.te
  20. dhcp.te
  21. dnsmasq.te
  22. domain.te
  23. domain_deprecated.te
  24. drmserver.te
  25. dumpstate.te
  26. file.te
  27. file_contexts
  28. file_contexts_asan
  29. fingerprintd.te
  30. fs_use
  31. fsck.te
  32. fsck_untrusted.te
  33. gatekeeperd.te
  34. genfs_contexts
  35. global_macros
  36. gpsd.te
  37. hci_attach.te
  38. healthd.te
  39. hostapd.te
  40. idmap.te
  41. init.te
  42. initial_sid_contexts
  43. initial_sids
  44. inputflinger.te
  45. install_recovery.te
  46. installd.te
  47. ioctl_macros
  48. isolated_app.te
  49. kernel.te
  50. keys.conf
  51. keystore.te
  52. lmkd.te
  53. logd.te
  54. mac_permissions.xml
  55. mdnsd.te
  56. mediaserver.te
  57. mls
  58. mls_macros
  59. MODULE_LICENSE_PUBLIC_DOMAIN
  60. mtp.te
  61. net.te
  62. netd.te
  63. neverallow_macros
  64. nfc.te
  65. NOTICE
  66. perfprofd.te
  67. platform_app.te
  68. policy_capabilities
  69. port_contexts
  70. ppp.te
  71. priv_app.te
  72. property.te
  73. property_contexts
  74. racoon.te
  75. radio.te
  76. README
  77. recovery.te
  78. rild.te
  79. roles
  80. runas.te
  81. sdcardd.te
  82. seapp_contexts
  83. security_classes
  84. service.te
  85. service_contexts
  86. servicemanager.te
  87. sgdisk.te
  88. shared_relro.te
  89. shell.te
  90. slideshow.te
  91. su.te
  92. surfaceflinger.te
  93. system_app.te
  94. system_server.te
  95. te_macros
  96. tee.te
  97. toolbox.te
  98. tzdatacheck.te
  99. ueventd.te
  100. uncrypt.te
  101. untrusted_app.te
  102. update_engine.te
  103. update_verifier.te
  104. users
  105. vdc.te
  106. vold.te
  107. watchdogd.te
  108. wpa.te
  109. zygote.te