diff options
| author | Nick Kralevich <nnk@google.com> | 2014-01-11 01:31:03 -0800 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2014-01-11 13:29:51 -0800 |
| commit | 623975fa5aece708032aaf29689d73e1f3a615e7 (patch) | |
| tree | c74f33a3a919a7b384833dd2caff8e9e1e32cbd6 /sdcardd.te | |
| parent | 06a0d786210332c0bb2a46b59f1796b74a133ac0 (diff) | |
| download | android_external_sepolicy-623975fa5aece708032aaf29689d73e1f3a615e7.tar.gz android_external_sepolicy-623975fa5aece708032aaf29689d73e1f3a615e7.tar.bz2 android_external_sepolicy-623975fa5aece708032aaf29689d73e1f3a615e7.zip | |
Support forcing permissive domains to unconfined.
Permissive domains are only intended for development.
When a device launches, we want to ensure that all
permissive domains are in, at a minimum, unconfined+enforcing.
Add FORCE_PERMISSIVE_TO_UNCONFINED to Android.mk. During
development, this flag is false, and permissive domains
are allowed. When SELinux new feature development has been
frozen immediately before release, this flag will be flipped
to true. Any previously permissive domains will move into
unconfined+enforcing.
This will ensure that all SELinux domains have at least a
minimal level of protection.
Unconditionally enable this flag for all user builds.
Change-Id: I1632f0da0022c80170d8eb57c82499ac13fd7858
Diffstat (limited to 'sdcardd.te')
| -rw-r--r-- | sdcardd.te | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1,5 +1,5 @@ type sdcardd, domain; -permissive sdcardd; +permissive_or_unconfined(sdcardd) type sdcardd_exec, exec_type, file_type; init_daemon_domain(sdcardd) |