Commits
Jindong committed 8a011200334
MA-13062 selinux: enable compatiable property config After enable compatiable property, build system will force check property selinux neverallow rules. There are 2 basic rules: rule1: system process can't access vendor property rule2: vendor process can't access system property To fix rule1, need add below attribute to related system process: typeattribute XXXX system_writes_vendor_properties_violators; For rule2, we need remove violated access to system property. What's more, all vendor defined properties need add some selinux labels, or they will be marked as default_prop, which is not allowed to access by vendor process. Finally, remove all unused property in init.rc. Change-Id: Ia20ae7f7dbdac447ab91f9ff624b75e4a31f7ece Signed-off-by: Jindong <jindong.yue@nxp.com> Reviewed-on: http://androidsource.ap.freescale.net/project/6208 Reviewed-by: guoyin.chen <guoyin.chen@nxp.com> Reviewed-by: zhang sanshan <sanshan.zhang@nxp.com>