author | Unsuk Jung <unsuk@google.com> | 2015-10-06 02:35:25 -0700 |
---|---|---|
committer | Unsuk Jung <unsuk@google.com> | 2015-10-06 02:35:25 -0700 |
commit | 5ead64e5f3e887bb1f3cb4a1f57fe6bb2c5db63a (patch) | |
tree | 883eae0dc7229ad61633aa4c7dc334d61b3ffa03 | |
parent | d07f7af0e6639e49db3e481553e50f949185834f (diff) | |
download | source.android.com-5ead64e5f3e887bb1f3cb4a1f57fe6bb2c5db63a.tar.gz |
CDD: Clarify SELinux CDD requirements.
Cherry-pick of https://android-review.googlesource.com/143432
Bug: 21819081
Change-Id: I48268c15642c7fdf6fdf51e2d60cf27cbd005819
-rw-r--r-- | src/compatibility/android-cdd.html | 33 |
1 files changed, 15 insertions, 18 deletions
diff --git a/src/compatibility/android-cdd.html b/src/compatibility/android-cdd.html index 461d05ff..5ede1345 100644 --- a/src/compatibility/android-cdd.html +++ b/src/compatibility/android-cdd.html @@ -4419,9 +4419,9 @@ Project provides an implementation that satisfies this requirement.</p> <h2 id="9_7_kernel_security_features">9.7. Kernel Security Features</h2> -<p>The Android Sandbox includes features that can use the Security-Enhanced Linux +<p>The Android Sandbox includes features that use the Security-Enhanced Linux (SELinux) mandatory access control (MAC) system and other security features in -the Linux kernel. SELinux or any other security features, if implemented below +the Linux kernel. SELinux or any other security features implemented below the Android framework:</p> <ul> 
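Review bot: the reworded intro in the first hunk, "SELinux or any other security features implemented below the Android framework:", can still be read as offering a choice between SELinux and some other mechanism, while the paragraph added in the next hunk only permits an SELinux alternative when the kernel is not Linux. Since the list that follows governs every such mechanism, "SELinux and any other security features implemented below the Android framework:" states the intent without the apparent alternative, and the change from "can use" to "use" in the preceding sentence is consistent with the new MUST.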
@@ -4436,31 +4436,28 @@ unblocked security violation occurs resulting in a successful exploit.</li> affect another application (such as a Device Administration API), the API MUST NOT allow configurations that break compatibility.</p> -<p>Devices MUST implement SELinux or an equivalent mandatory access control system -if using a kernel other than Linux and meet the following requirements, which -are satisfied by the reference implementation in the upstream Android Open -Source Project.</p> +<p>Devices MUST implement SELinux or, if using a kernel other than Linux, an +equivalent mandatory access control system. Devices MUST also meet the +following requirements, which are satisfied by the reference implementation +in the upstream Android Open Source Project.</p> <p>Device implementations:</p> <ul> - <li>MUST support a SELinux policy that allows the SELinux mode to be set on a -per-domain basis, and MUST configure all domains in enforcing mode. No -permissive mode domains are allowed, including domains specific to a -device/vendor.</li> - <li>SHOULD load policy from /sepolicy file on the device.</li> + <li>MUST set SELinux to global enforcing mode.</li> + <li>MUST configure all domains in enforcing mode. 
No permissive mode domains +are allowed, including domains specific to a device/vendor.</li> <li>MUST NOT modify, omit, or replace the neverallow rules present within the -sepolicy file provided in the upstream Android Open Source Project (AOSP) and -the policy MUST compile with all neverallow present, for both AOSP SELinux +external/sepolicy folder provided in the upstream Android Open Source Project (AOSP) and +the policy MUST compile with all neverallow rules present, for both AOSP SELinux domains as well as device/vendor specific domains.</li> - <li>MUST support dynamic updates of the SELinux policy file without requiring a -system image update.</li> </ul> <p>Device implementations SHOULD retain the default SELinux policy provided in the -upstream Android Open Source Project, until they have first audited their -additions to the SELinux policy. Device implementations MUST be compatible with -the upstream Android Open Source Project.</p> +external/sepolicy folder of the upstream Android Open Source Project and only +further add to this policy for their own device-specific configuration. Device +implementations MUST be compatible with the upstream Android Open Source Project. +</p> <h2 id="9_8_privacy">9.8. Privacy</h2> |
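Review bot: the second hunk removes two requirements, "SHOULD load policy from /sepolicy file on the device." and "MUST support dynamic updates of the SELinux policy file without requiring a system image update.", but the commit message describes the change only as a clarification. Dropping a MUST is a substantive relaxation of the CDD rather than a rewording, so either the message should state that the dynamic-update requirement is intentionally withdrawn (and why), or the bullet should be kept alongside the new "MUST set SELinux to global enforcing mode." and "MUST configure all domains in enforcing mode." items. Minor: the new text names the "external/sepolicy folder" twice; anchoring a normative requirement to a repository path is brittle if the policy sources move, so "the SELinux policy provided in the upstream Android Open Source Project" with the path as a parenthetical would age better.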