selinux 项目

最新推荐文章于 2021-02-20 20:11:38 发布

Sunnie_ge

最新推荐文章于 2021-02-20 20:11:38 发布

阅读量173

点赞数

分类专栏： selinux

本文链接：https://blog.csdn.net/u013377887/article/details/108405665

版权

selinux 专栏收录该内容

9 篇文章 0 订阅

订阅专栏

selinux项目的网站地址

https://selinuxproject.org/page/TypeStatements

android selinux

https://source.android.com/security/selinux

Policy placement

In Android 7.0 and earlier, device manufacturers could add policy to BOARD_SEPOLICY_DIRS, including policy meant to augment AOSP policy across different device types. In Android 8.0 and higher, adding a policy to BOARD_SEPOLICY_DIRS places the policy only in the vendor image.

In Android 8.0 and higher, policy exists in the following locations in AOSP:

system/sepolicy/public. Includes policy exported for use in vendor-specific policy. Everything goes into the Android 8.0 compatibility infrastructure. Public policy is meant to persist across releases so you can include anything /public in your customized policy. Because of this, the type of policy that can be placed in /public is more restricted. Consider this the platform's exported policy API: Anything that deals with the interface between /system and /vendor belongs here.
system/sepolicy/private. Includes policy necessary for the functioning of the system image, but of which vendor image policy should have no knowledge.
system/sepolicy/vendor. Includes policy for components that go in /vendor but exist in the core platform tree (not device-specific directories). This is an artifact of build system's distinction between devices and global components; conceptually this is a part of the device-specific policy described below.
device/manufacturer/device-name/sepolicy. Includes device-specific policy. Also includes device customizations to policy, which in Android 8.0 and higher corresponds to policy for components on the vendor image.