sepolicy : whitelisting system domains writing vendor props
Adding vendor process and access list to the violators based on the
following commit bb1432b61bab1b5a5286cad273ddf81af4372988.
Temporarily whitelisting system domains writing vendor props
system properties must not be used as a communication channel in between
system and vendor processes. However, there has been no enforcement on
this: system process could write system properties that are owned and
read by vendor processes and vice versa. Such communication should be
done over hwbinder and should be formally specified in HIDL.
Until we finish migrating the existing use cases of sysprops to HIDL,
whitelisting them in system_writes_vendor_properties_violators so that
the violators are clearly tracked.
These violators are allowed only for P, but not for Q.
Change-Id: I405b72d389c7b694c48e34168d9471c888b1e302
22 files changed