Google Git
Sign in
android / platform / system / sepolicy / fda2db08f
commitfda2db08f1c7083a46a88c1feaf1c9ac54ffbe39[log] [tgz]
authorCarmen Jackson <carmenjackson@google.com>Wed Jun 23 16:21:49 2021 -0700
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Thu Jun 24 23:51:19 2021 +0000
treec7981626cc4a113332ace03f03812120ab820a5f
parent90456d948e6f92540e7bba1488f2bfc6fb67d0d1 [diff]
Ensure that only desired processes can access TracingServiceProxy

This change adds a neverallow rule in traced.te to limit the processes
that can find tracingproxy_service, the context for TracingServiceProxy.

I wanted to avoid moving the tracingproxy_service definition to public,
so there were a few services that are exempted from this neverallow
rule.

Bug: 191391382
Test: Manually verified that with this change, along with the other
change in this topic, I see no errors when taking a bugreport while a
Traceur trace is running and the expected trace is included in the
generated bugreport.

Change-Id: I28d0b1b08baac43a53fe5a1ff0f67b788d51dc74
Merged-In: I8658df0db92ae9cf4fefe2eebb4d6d9a5349ea89
(cherry picked from commit 2d6fb3971b8b4e8fb81d582273fb5d6803e5d309)
8 files changed
tree: c7981626cc4a113332ace03f03812120ab820a5f
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. METADATA
  19. MODULE_LICENSE_PUBLIC_DOMAIN
  20. NOTICE
  21. OWNERS
  22. policy_version.mk
  23. prebuilt_policy.mk
  24. PREUPLOAD.cfg
  25. README
  26. seapp_contexts.mk
  27. TEST_MAPPING
  28. treble_sepolicy_tests_for_release.mk