sepolicy: Start CM Common sepolicy
Rather than having to maintain out of tree changes, it is often easier to maintain a hiearchy of changes, starting with the vendors common config file. From there, inheriting products can pick up a base and start to add or remove certain bits from it, making use of the BOARD_SEPOLICY_* functions documented in external/sepolicy/README. Change-Id: I28a4aaf6c126535f0a88001582641b234a750015
This commit is contained in:
parent
ab97793b76
commit
754bef5027
@ -247,5 +247,5 @@ PRODUCT_PROPERTY_OVERRIDES += \
|
||||
ro.cm.version=$(CM_VERSION) \
|
||||
ro.modversion=$(CM_VERSION)
|
||||
|
||||
|
||||
-include vendor/cm/sepolicy/sepolicy.mk
|
||||
-include $(WORKSPACE)/hudson/image-auto-bits.mk
|
||||
|
33
sepolicy/mac_permissions.xml
Normal file
33
sepolicy/mac_permissions.xml
Normal file
@ -0,0 +1,33 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<policy>
|
||||
|
||||
<!-- Most Google-authored apps -->
|
||||
<signer signature="308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a" >
|
||||
<!-- This should probably be refined, but it's a ton of them -->
|
||||
<allow-all />
|
||||
<!-- We should only add the exact key + package name, rather then giving this to all gapps -->
|
||||
<seinfo value="release" />
|
||||
</signer>
|
||||
|
||||
<!-- Youtube -->
|
||||
<signer signature="30820252308201bb02044934987e300d06092a864886f70d01010405003070310b3009060355040613025553310b3009060355040813024341311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c652c20496e6331143012060355040b130b476f6f676c652c20496e633110300e06035504031307556e6b6e6f776e301e170d3038313230323032303735385a170d3336303431393032303735385a3070310b3009060355040613025553310b3009060355040813024341311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c652c20496e6331143012060355040b130b476f6f676c652c20496e633110300e06035504031307556e6b6e6f776e30819f300d06092a864886f70d010101050003818d00308189028181009f48031990f9b14726384e0453d18f8c0bbf8dc77b2504a4b1207c4c6c44babc00adc6610fa6b6ab2da80e33f2eef16b26a3f6b85b9afaca909ffbbeb3f4c94f7e8122a798e0eba75ced3dd229fa7365f41516415aa9c1617dd583ce19bae8a0bbd885fc17a9b4bd2640805121aadb9377deb40013381418882ec52282fc580d0203010001300d06092a864886f70d0101040500038181004086669ed631da4384ddd061d226e073b98cc4b99df8b5e4be9e3cbe97501e83df1c6fa959c0ce605c4fd2ac6d1c84cede20476cbab19be8f2203aff7717ad652d8fcc890708d1216da84457592649e0e9d3c4bb4cf58da19db1d4fc41bcb9584f64e65f410d0529fd5b68838c141d0a9bd1db1191cb2a0df790ea0cb12db3a4" >
|
||||
<allow-permission name="android.permission.READ_EXTERNAL_STORAGE" />
|
||||
<allow-permission name="android.permission.NFC" />
|
||||
<allow-permission name="android.permission.USE_CREDENTIALS" />
|
||||
<allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH.YouTubeUser" />
|
||||
<allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
|
||||
<allow-permission name="android.permission.ACCESS_WIFI_STATE" />
|
||||
<allow-permission name="android.permission.GET_ACCOUNTS" />
|
||||
<allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH" />
|
||||
<allow-permission name="com.google.android.providers.gsf.permission.READ_GSERVICES" />
|
||||
<allow-permission name="android.permission.RECEIVE_BOOT_COMPLETED" />
|
||||
<allow-permission name="android.permission.CAMERA" />
|
||||
<allow-permission name="android.permission.INTERNET" />
|
||||
<allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH.youtube" />
|
||||
<allow-permission name="android.permission.MANAGE_ACCOUNTS" />
|
||||
<allow-permission name="android.permission.CHANGE_NETWORK_STATE" />
|
||||
<allow-permission name="android.permission.WAKE_LOCK" />
|
||||
<allow-permission name="android.permission.ACCESS_NETWORK_STATE" />
|
||||
<seinfo value="release" />
|
||||
</signer>
|
||||
</policy>
|
10
sepolicy/sepolicy.mk
Normal file
10
sepolicy/sepolicy.mk
Normal file
@ -0,0 +1,10 @@
|
||||
#
|
||||
# This policy configuration will be used by all products that
|
||||
# inherit from CM
|
||||
#
|
||||
|
||||
BOARD_SEPOLICY_DIRS := \
|
||||
vendor/cm/sepolicy
|
||||
|
||||
BOARD_SEPOLICY_UNION := \
|
||||
mac_permissions.xml
|
Loading…
Reference in New Issue
Block a user